Description
The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Google Maps Cross-Site Scripting (1.9.33)
WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (2.9.43)
WordPress Other Vulnerability (CVE-2007-3240)
WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.0.3.2)
Squid Improper Input Validation Vulnerability (CVE-2021-33620)