Description
A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.
Remediation
References
Related Vulnerabilities
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-26690)
WordPress Plugin WP Data Access Security Bypass (5.1.3)
WordPress Plugin Password Vault Cross-Site Scripting (1.8.2)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-7724)
WordPress Plugin Facebook Like Box Unspecified Vulnerability (1.0.17)