Description
CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9)
WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.6.5)
WordPress Plugin Content text slider on post Cross-Site Scripting (6.8)
WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2)