### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. ### Patch Upgrade to v2022.09.10 to patch this vulnerability. ### Workarounds Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d ### References https://en.wikipedia.org/wiki/Cross-site_request_forgery https://cwe.mitre.org/data/definitions/352.html ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/orchest/orchest * Email us at Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. (CVSS:0.0) (Last Update:2022-09-30)

Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin

Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin

Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin

Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin

Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin