Vulnerabilities like this one are used in mass-exploit campaigns. Attackers use these to attack thousands of websites at a time, regardless of traffic size or popularity. Learn more.
As immediate action, update the affected plugin. If you're unable to do so, ask your hosting provider or web developer for help.
CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.
This security issue has a low severity impact and is unlikely to be exploited.
This software was last updated over a year ago and will likely not receive further updates or patches. Note that deactivating the software does not remove the security threat unless mitigation rule by Patchstack is deployed.
This plugin was last updated over one year ago and will likely not receive further updates or patches. Note that deactivating the plugin does not remove the security threat unless mitigation rule by Patchstack is deployed.