CVE-2022-27629

Name of the Vulnerable Software and Affected Versions MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership versions prior to 1.9.6

Description A cross-site request forgery (CSRF) issue allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operations via unspecified vectors.

Recommendations For versions prior to 1.9.6, update to version 1.9.6 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication checks to minimize the risk of exploitation. Restrict access to sensitive operations to minimize the risk of unintended actions by an attacker.