If you are investigating security issues related to Nicepage versions from that era, the following common concerns have been raised by users and security plugins: Sensitive Path Exposure
The third component is a CSRF flaw in the desktop-to-WordPress synchronization endpoint. An attacker could craft a malicious webpage that, when visited by a logged-in WordPress administrator, forces the site to accept a malicious template from the attacker’s remote Nicepage instance. This effectively overwrites existing pages with attacker-controlled HTML/JavaScript. nicepage 4.16.0 exploit