JVN#46241173: EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery

EC-CUBE plugin "Easy Blog for EC-CUBE4" provided by COREMOBILE Co. Ltd. contains a cross-site request forgery vulnerability CWE-352. Impact If a site administrator who is logging in to the management screen of EC-CUBE on which the plug-in is installed accesses a specially crafted page, a blog...