Magento plugin Magmi vulnerable to hijacking admin sessions

CyberPanther

Oct 1, 2019
A cross-site request forgery (CSRF) vulnerability continues to be present in the Magmi plugin for Magento online stores, despite developers receiving a report from researchers that discovered it.

Hackers can use the flaw to execute arbitrary code on servers running Magmi (Magento Mass Importer) by tricking authenticated administrators into clicking a malicious link.

The plugin works as a Magento database client that can add a large number of products (millions, according to its wiki page) to a catalog or update it.