Unknown · SwiftyEdit Content Management System · CVE-2023-47350
**Name of the Vulnerable Software and Affected Versions**
SwiftyEdit Content Management System versions prior to 1.2.0
**Description**
A Cross-Site Request Forgery (CSRF) vulnerability in the user password update functionality allows remote attackers to escalate privileges. Attackers can exploit it to gain unauthorized access to user accounts.
**Recommendations**
For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider disabling the user password update functionality until a patch is available. Restrict access to the user account management module to minimize the risk of exploitation. Avoid using the `password` variable in the affected API endpoint until the issue is resolved.