CVE-2020-7210: Umbraco CMS: Unauthorized user account takeover via web request
GHSA-gqqf-8cx6-9r7h
CVE-2020-7210
Summary
By sending a specially crafted web request, an attacker can take control of any Umbraco user account and could delete or modify accounts, which is a serious security risk. Update to the latest version of Umbraco to fix this issue.
What to do
- Update umbracocms.core to version 8.5.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| nuget | – | umbracocms.core | < 8.5.0 (fix: upgrade to 8.5.0) |
Original title
Umbraco CMS vulnerable to CSRF
Original description
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.
ghsa CVSS3.1
4.3
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
- https://nvd.nist.gov/vuln/detail/CVE-2020-7210
- https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-um...
- https://seclists.org/bugtraq/2020/Jan/35
- http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request...
- http://seclists.org/fulldisclosure/2020/Jan/33
- https://github.com/advisories/GHSA-gqqf-8cx6-9r7h
Published: 24 May 2022 · Updated: 15 Jun 2026 · First seen: 6 Mar 2026