0.001 Low
EPSS
Percentile
32.2%
The plugin does not have authorisation and CSRF checks in various AJAX actions (such as deleting logs files etc), allowing them to be called by any authenticated users, such a subscriber or via CSRF attacks