Description qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. Remediation References CVE-2022-26180 Related Vulnerabilities Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5594) WordPress Plugin Leaflet Maps Marker Pro Multiple Vulnerabilities (1.5.7) WordPress Plugin Subscribe Form Remote Command Execution (1.1) PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2311) WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.17) Severity High Classification CVE-2022-26180 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities