Description
Magento versions prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. An attacker with access to network traffic could read the token from the URL and use it to perform unauthorized actions.
Remediation
References