Description
Cross-site request forgery (CSRF) vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the user_include parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Image Export Arbitrary File Download (1.1.0)
WebLogic CVE-2020-14882 Vulnerability (CVE-2020-14882)
WordPress Plugin Custom Searchable Data Entry System Security Bypass (1.7.1)
WordPress Plugin MF Gig Calendar Cross-Site Scripting (1.1)
WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1)