The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue
View the template here CVE-2023-6786.yaml
References:
https://wpscan.com/vulnerability/f3e64947-3138-4ec4-86c4-27b5d6a5c9c2/