CVE-2018-13010

Name of the Vulnerable Software and Affected Versions WSTMall version 1.9.1 170316

Description The issue allows for CSRF via the "index.php?m=Admin&c=Users&a=edit" API endpoint to add a user account. This is achieved by exploiting the lack of proper CSRF protection, allowing an attacker to perform unauthorized actions.

Recommendations For WSTMall version 1.9.1 170316, as a temporary workaround, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "index.php?m=Admin&c=Users&a=edit" endpoint. At the moment, there is no information about a newer version that contains a fix for this issue.