Description

A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7947

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Multiple Vulnerabilities (4.3.5)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Directory Traversal (1.7.14.2)

OpenSSL CVE-2023-4807 Vulnerability (CVE-2023-4807)

Oracle JRE CVE-2019-2933 Vulnerability (CVE-2019-2933)

Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)

Severity

Medium

Classification

CVE-2019-7947 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities