Description
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)
MyBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10678)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6662)
WordPress Plugin XVE Various Embed Multiple Cross-Site Scripting Vulnerabilities (1.0.3)