CVE-2020-23837

Name of the Vulnerable Software and Affected Versions GetSimple CMS Multi User plugin version 1.8.2

Description A Cross-Site Request Forgery (CSRF) issue allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL. This occurs because the plugin fails to properly validate requests, enabling attackers to perform unauthorized actions.

Recommendations For GetSimple CMS Multi User plugin version 1.8.2, consider disabling the plugin until a patch is available to prevent exploitation of this issue. Restrict access to admin panels and ensure that all administrators are cautious when clicking on external links or visiting third-party sites to minimize the risk of exploitation.