Description
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request.
Remediation
Update to CMS Made Simple 2.1.6 or later.
References
https://www.cmsmadesimple.org/2016/12/Announcing-CMSMS-v2-1-6-Spanish-Wells/
Related Vulnerabilities
WordPress Plugin WP DSGVO Tools (GDPR) Cross-Site Request Forgery (2.2.18)
WordPress Plugin Solve Media CAPTCHA Cross-Site Request Forgery (1.1.0)
WordPress Plugin Kraken.io Image Optimizer Cross-Site Request Forgery (2.6.5)
WordPress Plugin Zendesk Chat Cross-Site Request Forgery (1.4.5)
WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)