Description
Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorized actions.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3284 Vulnerability (CVE-2018-3284)
WordPress Credentials Management Errors Vulnerability (CVE-2016-5838)
WordPress 5.0.x Cross-Site Request Forgery (5.0 - 5.0.3)
WordPress Plugin WP Statistics Cross-Site Scripting (12.6.7)
WordPress Plugin Joy Of Text Lite-SMS messaging for WordPress SQL Injection (2.3.0)