The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.
View the template here CVE-2023-48777.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-48777