EPSS Percentile: 27.6%
The plugin lacks CSRF checks and validation when uploading or deleting files, which could allow attackers to make a logged-in admin upload or delete files via a CSRF attack.
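One way to close both gaps described above, as an added example that is not the plugin's code: a framework-free handler that requires a per-session, per-action token and validates the file name before any upload or delete proceeds. All names (`issue_token`, `safe_path`, `handle_file_action`, `UPLOAD_DIR`, the extension allowlist) and the session/form dictionaries are hypothetical.

```python
import hashlib
import hmac
import os
import secrets

SERVER_KEY = secrets.token_bytes(32)       # constructed secret; persist it in a real deployment
UPLOAD_DIR = os.path.realpath("uploads")   # hypothetical upload root
ALLOWED_EXT = {".png", ".jpg", ".pdf"}     # hypothetical allowlist


def issue_token(session_id: str, action: str) -> str:
    """Token bound to one session and one action, embedded in the admin form."""
    msg = f"{session_id}:{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def safe_path(filename: str) -> str:
    """Validate a client-supplied file name and resolve it inside UPLOAD_DIR."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or name.startswith("."):
        raise ValueError("invalid file name")          # separators, dotfiles
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        raise ValueError("file type not allowed")
    path = os.path.realpath(os.path.join(UPLOAD_DIR, name))
    if os.path.commonpath([path, UPLOAD_DIR]) != UPLOAD_DIR:
        raise ValueError("path escapes upload directory")  # e.g. via symlink
    return path


def handle_file_action(session: dict, form: dict) -> str:
    """Hardened upload/delete entry point: authorize, check token, validate."""
    action = form.get("action")
    if action not in ("upload", "delete"):
        raise ValueError("unknown action")
    if not session.get("is_admin"):
        raise PermissionError("admin required")
    expected = issue_token(session["id"], action).encode()
    supplied = str(form.get("token", "")).encode()
    # A cross-site request carries the admin's cookie but cannot know this token.
    if not hmac.compare_digest(expected, supplied):
        raise PermissionError("missing or invalid CSRF token")
    # Only now is the file name trusted enough for the caller to write or unlink.
    return safe_path(str(form.get("filename", "")))
```

The session cookie alone never authorizes the action, and a valid token still does not let a request name a file outside the upload root or of a disallowed type.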