Although there are token fields, this field does not prevent CSRF attacks.
PoC:
When the victim accesses the maliciously constructed link.
Successfully added an administrator user and tried to log in.