Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo before 2.6.2 allow remote attackers to hijack the authentication of administrators for requests that use the (1) pwg.groups.addUser, (2) pwg.groups.deleteUser, (3) pwg.groups.setInfo, (4) pwg.users.setInfo, (5) pwg.permissions.add, or (6) pwg.permissions.remove method.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPQA-Builder forms Addon For WordPress Insecure Direct Object Reference (5.9.2)
WordPress Plugin Easy Watermark Security Bypass (0.7.0)
Python Protection Mechanism Failure Vulnerability (CVE-2016-0772)
PostgreSQL Out-of-bounds Read Vulnerability (CVE-2019-10129)
Python Integer Overflow or Wraparound Vulnerability (CVE-2016-9063)