Description The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. Remediation References CVE-2024-25982 Related Vulnerabilities Liferay Portal Missing Authorization Vulnerability (CVE-2022-39975) WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14720) WordPress Plugin JupiterX Core Security Bypass (2.0.6) WordPress Plugin WP Advanced Comment Cross-Site Scripting (0.10) MySQL CVE-2021-2002 Vulnerability (CVE-2021-2002) Severity High Classification CVE-2024-25982 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities