The plugin uses an easily guessable path to store user files, bad actors could use that to access other users' sensitive files.
1. Upload a file using the plugin.
2. On another browser, access the newly uploaded file via:
SENSITIVE DATA DISCLOSURE
2022-06-28 (about 1 months ago)
2022-07-25 (about 16 days ago)