The US CISA: It contains an improper access control flaw that allows for remote code execution. Adobe: It has been exploited in the wild in very limited attacks.
Cybersecurity Help experts: It’s the CVE-2022-30927. An attacker could execute arbitrary SQL queries in database, gaining the complete control of the application.
Wordfence cybersecurity experts: The plugin flaw enables any authorized user to entirely wipe a site clean, erasing all of the material and data posted to it.