Description
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
Remediation
Update to CMS Made Simple 2.1.6 or later.
References
https://www.cmsmadesimple.org/2016/12/Announcing-CMSMS-v2-1-6-Spanish-Wells/
Related Vulnerabilities
WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Request Forgery (5.3.6)
WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)
WordPress Plugin Polylang Cross-Site Request Forgery (2.5)
WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4)
WordPress Plugin Rich Reviews Multiple Vulnerabilities (1.7.3)