Thanks for your report. As luck would have it, I released MLA v3.25 a few minutes before you started this topic, so the latest MLA version does not address this issue.
I will investigate further and mitigate the vulnerability as soon as I can. I will post an update here when I have progress to report. Thanks for alerting me to this issue and for your interest in the plugin.
It turns out that this problem was fixed in MLA v3.21, released on 11/19/24. I regret that I failed to notify Patchstack of the fix after that release. I have now done that and they should be updating their records shortly.
I am marking this topic resolved, but please update it if you have any further questions. Thanks for your interest in the plugin.
I received confirmation from Patchstack today that the problem has been marked as fixed.
