Title: Multiple Cross-Site Request Forgery on ProcessWire
CVE ID: CVE-2022-40488
CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Advisory Release Date: 06 Apr 2023
Advisory URL: https://labs.integrity.pt/advisories/cve-2022-40488/
Credits: Discovery by Filipe Azevedo (filipaze) <fa[at]integrity.pt> & Guilherme Santos (rondons) <gs[at]integrity.pt>
ProcessWire v3.0.200 was discovered to contain Cross-Site Request Forgery (CSRF) vulnerabilities in critical functions, allowing a malicious user to create a super admin account.