Joomla! Core is prone to multiple cross-site request forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Joomla! Core versions 3.x.x ranging from 3.2.0 and up to and including 3.9.15 are vulnerable.
Update to Joomla! Core version 3.9.16 or latest