Description
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.
Remediation
References
Related Vulnerabilities
WordPress Plugin AI ChatBot SQL Injection (4.8.9)
WordPress Plugin pipdig Power pack (p3) Backdoor (4.7.3)
IBM RTC Files or Directories Accessible to External Parties Vulnerability (CVE-2017-1602)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (4.0.2)
WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)