Description

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7947

Related Vulnerabilities

WordPress Plugin Shield Security-Smart Bot Blocking & Intrusion Prevention Security Cross-Site Request Forgery (19.1.10)

WordPress Plugin MailPoet Newsletters (Previous) Multiple Vulnerabilities (2.7.2)

Oracle Database Server CVE-2006-3702 Vulnerability (CVE-2006-3702)

PHP Out-of-bounds Read Vulnerability (CVE-2018-20783)

WordPress Plugin Caret Country Access Limit Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2019-7947 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities