drupal/lingotek is vulnerable to Cross-Site Request Forgery
42
Medium Risk
The Lingotek Ray Enterprise Translation provides multilingual site management. The module fails to protect several state-changing administrative routes against Cross Site Request Forgery attacks. An attacker could trick a privileged user into visiting a crafted page that triggers actions such as updating callback settings, uploading or downloading translations, or changing translation state.
You are affected if you are using a version that falls within the vulnerable range.
drupal/lingotek is vulnerable to Cross-Site Request Forgery in versions 0.0.1 - 4.0.3, 4.1.0 - 4.1.3 and 11.0.0 - 11.0.3.
Upgrade the drupal/lingotek module to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant