Description
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Link To Us Multiple Cross-Site Scripting Vulnerabilities (2.0)
WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Security Bypass (3.5.4)
WordPress Plugin SVG Support Cross-Site Scripting (2.4.2)
WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.10-standard)