Description
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
Remediation
References
Related Vulnerabilities
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-9064)
WordPress Plugin Subscribe to Comments Multiple Cross-Site Scripting Vulnerabilities (2.0.4)
WordPress Plugin Cart66 Lite::WordPress Ecommerce Cross-Site Scripting (1.5.4)
WordPress Plugin wpCommentTwit Cross-Site Request Forgery (0.5)