Hi,
we’ve reviewed the report from Solid Security. Based on the information currently available, the reported issue appears to be low severity and unlikely to be exploited.
That said, we take security seriously. we’ve already made recent improvements to address one of the unauthenticated endpoints in the plugin, and we’re planning a release that includes this fix. we’ll continue to investigate further.
