GHSA-H8GR-QWR6-M9GX Admidio is Missing CSRF Protection on Role Membership Date Changes

Summary The savemembership action in modules/profile/profilefunction.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stopmembership and removeformermembership against the CSRF token but omits savemembership from that...