Description
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
Remediation
References
Related Vulnerabilities
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.23)
WordPress Plugin JetWidgets For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.0.8)
WordPress Plugin Simple Ads Manager Denial of Service (2.9.3.114)
Python Integer Overflow or Wraparound Vulnerability (CVE-2007-4965)
TYPO3 Improper Input Validation Vulnerability (CVE-2010-5099)