Security researcher Ali Razzaq has discovered that existing sessions are not correctly invalidated when a user changes their password in the back end or front end. The security vulnerability has the identifier CVE-2019-10641.


Read more about 'Security vulnerability CVE-2019-10641'...