Description
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Blogstand Banner Cross-Site Scripting (1.0)
WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Cross-Site Scripting (2.30)
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)
WordPress Plugin WPFront Notification Bar Cross-Site Scripting (1.9.1.04012)