Description qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. Remediation References CVE-2022-26180 Related Vulnerabilities WordPress Plugin Eventify-Simple Events 'fetcheventdetails.php' SQL Injection (1.7.f) WordPress Plugin Formidable-Clockwork SMS Cross-Site Scripting (1.0.3) WordPress Plugin Facebook Promotion Generator for WordPress Multiple Cross-Site Scripting Vulnerabilities (1.3.4) PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5276) Apache Tomcat Other Vulnerability (CVE-2000-0760) Severity High Classification CVE-2022-26180 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities