Description
A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
WordPress Plugin Kish Guest Posting 'uploadify.php' Arbitrary File Upload (1.2)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6926)
WordPress Plugin Asgaros Forum Multiple Vulnerabilities (1.15.14)
WordPress Plugin W3 Total Cache Multiple Vulnerabilities (0.9.4)
WordPress Plugin WordLift-AI powered SEO-Schema Cross-Site Scripting (3.37.1)