Description
OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related to Adobe's CVE-2020-9690. It is patched in versions 19.4.6 and 20.0.2.
Remediation
References
Related Vulnerabilities
WordPress Plugin RoyalSlider Cross-Site Scripting (3.2.6)
WordPress Plugin WooCommerce Multi Currency-Currency Switcher Security Bypass (2.1.17)
WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)
WordPress Plugin CloudFlare Multiple Cross-Site Scripting Vulnerabilities (1.3.20)
WordPress Plugin Import Spreadsheets from Microsoft Excel Arbitrary File Upload (10.1.4)