Description
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Arbitrary File Upload (1.2.5)
MySQL CVE-2021-2193 Vulnerability (CVE-2021-2193)
MySQL CVE-2019-2528 Vulnerability (CVE-2019-2528)
WordPress Plugin Browser Screenshots Cross-Site Scripting (1.7.5)
WordPress Plugin Gravity Forms Unspecified Vulnerability (2.4.17)