Amasty RMA extension is used by a number of community and enterprise edition stores. The plug-in is found to have a couple of critical vulnerabilities. The two vulnerabilities found are:
More details here: https://www.getastra.com/blog/cms/magento-security/vulnerability-magento-rma-extension/
The vendor has patched the vulnerability, it is recommended to update.
This issue was fixed back in May, so the current version of our RMA extension (1.3.11) has no vulnerabilities.
Last month we made all updates of our extensions free of change, so everyone who has ever bought our RMA mod can easily upgrade it to the current version.