The lack of CSRF and authorisation checks in some AJAX methods, such as qligg_dismiss_notice and qligg_form_item_delete, could allow an attacker to perform unauthorised actions when logged in as a low-privilege user, or via CSRF attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | insta-gallery | lt | 2.4.8 |
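The two checks the description says are missing, shown on handlers for the two named actions. This is an added example, not the plugin's own code or its patch: only the action names come from the advisory, while the handler functions, nonce name, required capability, option and meta keys are assumptions.

```php
<?php
// Added illustration. Everything prefixed "example_" is hypothetical.

// Shared guard: stops the request unless it passes both checks.
function example_qligg_guard( $capability ) {
    // CSRF check: the request must carry a nonce issued to this user's
    // session, e.g. wp_create_nonce( 'example_qligg_nonce' ) handed to the
    // admin page's JavaScript. A forged cross-site request cannot supply it.
    if ( ! check_ajax_referer( 'example_qligg_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }
    // Authorisation check: wp_ajax_* hooks fire for every logged-in user,
    // subscribers included, so the capability is tested explicitly.
    if ( ! current_user_can( $capability ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // wp_send_json_error() ends the request, so code after the guard
    // only runs when both checks passed.
}

function example_qligg_form_item_delete() {
    example_qligg_guard( 'manage_options' ); // assumed capability
    $id    = isset( $_POST['item_id'] ) ? absint( wp_unslash( $_POST['item_id'] ) ) : 0;
    $items = get_option( 'example_qligg_items', array() ); // assumed storage
    if ( ! isset( $items[ $id ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown item' ), 404 );
    }
    unset( $items[ $id ] );
    update_option( 'example_qligg_items', $items );
    wp_send_json_success();
}

function example_qligg_dismiss_notice() {
    example_qligg_guard( 'manage_options' ); // assumed capability
    // Dismissal is recorded per user rather than changing a site-wide setting.
    update_user_meta( get_current_user_id(), 'example_qligg_notice_dismissed', 1 );
    wp_send_json_success();
}

// Registered only on wp_ajax_* (no wp_ajax_nopriv_*), so unauthenticated
// requests never reach the handlers at all.
add_action( 'wp_ajax_qligg_form_item_delete', 'example_qligg_form_item_delete' );
add_action( 'wp_ajax_qligg_dismiss_notice', 'example_qligg_dismiss_notice' );
```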