Description
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
Remediation
Update to CMS Made Simple 2.1.6 or later.
References
https://www.cmsmadesimple.org/2016/12/Announcing-CMSMS-v2-1-6-Spanish-Wells/
Related Vulnerabilities
WordPress 4.9.x Cross-Site Request Forgery (4.9 - 4.9.9)
WordPress Plugin The Guardian News Feed Cross-Site Request Forgery (0.4)
WordPress 4.2.x Cross-Site Request Forgery (4.2 - 4.2.22)
WordPress Plugin WP Security Question Cross-Site Request Forgery (1.0.5)
WordPress Plugin Push Notifications for WordPress (Lite) Cross-Site Request Forgery (6.0)