Description
GNU Mailman before 2.1.35 may allow remote privilege escalation. The csrf_token value is not specific to a single user account: an attacker who obtains a valid token in the context of an unprivileged user account can reuse that token in a CSRF attack against an administrator (e.g., for account takeover), because the server accepts it regardless of which account or role submits the form.
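The weakness described above is a token that proves only "this token was issued by the server for this list", not "this token was issued to the account that is now submitting the form". The following Python is an added illustration of that distinction, not Mailman's own code; the secret, the `listname|principal|timestamp` message layout, the `ts:mac` token format, the TTL and the principal strings are assumptions made for the example. The weak scheme omits the principal from the MAC, so a token minted for an unprivileged account verifies when replayed in an admin's form; the bound scheme includes the authenticated principal and rejects the replay.

```python
import hashlib
import hmac
import time

# Hypothetical server-side secret and token lifetime (constructed for this
# example; a real deployment would load the secret from configuration).
SECRET = b"example-site-secret-do-not-reuse"
TOKEN_TTL = 3600  # seconds a token stays valid


def _mac(*parts: str) -> str:
    """HMAC-SHA256 over the given fields, joined with a separator."""
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()


def _now(now) -> int:
    return int(time.time() if now is None else now)


def _verify(token: str, parts, now) -> bool:
    """Common check: parse 'ts:mac', enforce the TTL, compare MACs in constant time."""
    try:
        ts, mac = token.split(":", 1)
        issued = int(ts)
    except ValueError:
        return False
    current = _now(now)
    if issued > current or current - issued > TOKEN_TTL:
        return False
    return hmac.compare_digest(mac, _mac(*parts, ts))


# --- Weak scheme: the token is tied to the list and a timestamp only. ---
# Anyone holding a valid token for the list can submit it as any account,
# which is the class of flaw the advisory above describes.
def weak_issue(listname: str, now=None) -> str:
    ts = str(_now(now))
    return f"{ts}:{_mac(listname, ts)}"


def weak_verify(token: str, listname: str, now=None) -> bool:
    return _verify(token, (listname,), now)


# --- Bound scheme: the token also covers the authenticated principal. ---
# 'principal' is whatever identity the session established (e.g. a member
# address or the admin role); verification uses the CURRENT session's
# principal, never one supplied in the request body.
def bound_issue(listname: str, principal: str, now=None) -> str:
    ts = str(_now(now))
    return f"{ts}:{_mac(listname, principal, ts)}"


def bound_verify(token: str, listname: str, principal: str, now=None) -> bool:
    return _verify(token, (listname, principal), now)


def replay_succeeds(scheme: str, listname: str = "mylist", now: int = 1_000_000) -> bool:
    """Simulate the attack: mint a token as an unprivileged member, then
    submit it in a form that runs under the admin's session."""
    member, admin = "user:alice@example.org", "admin"
    if scheme == "weak":
        stolen = weak_issue(listname, now=now)
        return weak_verify(stolen, listname, now=now + 60)
    stolen = bound_issue(listname, member, now=now)
    return bound_verify(stolen, listname, admin, now=now + 60)


if __name__ == "__main__":
    print("weak scheme, replayed as admin:", replay_succeeds("weak"))    # True
    print("bound scheme, replayed as admin:", replay_succeeds("bound"))  # False
```

The important design point is in `bound_verify`: the principal fed into the MAC comes from the server-side session of the request being verified, so a token carried over from another account cannot match, and the same HMAC construction additionally fails on tampered timestamps, expired tokens, or tokens for a different list.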
Remediation
Upgrade to GNU Mailman 2.1.35 or later, in which the csrf_token is tied to the account that requested it.
Related Vulnerabilities
WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.3)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.16)
WordPress Plugin WordPress Download Manager Unspecified Vulnerability (3.1.18)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2717)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3747)