Description
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)
WordPress Plugin ALO EasyMail Newsletter Cross-Site Scripting (2.8.1)
WordPress Plugin Post Grid Gutenberg Blocks and WordPress Blog-PostX Security Bypass (4.1.2)
OpenSSL Cryptographic Issues Vulnerability (CVE-2013-0169)
WordPress Plugin Theme Blvd Widget Areas Multiple Security Bypass Vulnerabilities (1.2.2)