* Advisory ID: DRUPAL-SA-CONTRIB-2017-074
* Project: Flag clear
* Version: 7.x
* Date: 2017-September-13
* Security risk: 14/25 ( Moderately Critical)
* Vulnerability: Cross Site Request Forgery
The Flag clear module allows administrators to remove user flags for content.
This functionality is often useful in user-submission use-cases, where users
do not necessarily need to unflag things on their own.
The module doesn't sufficiently confirm a user's intent to take unflagging
* All Flag clear module versions prior to 7.x-1.10.
Drupal core is not affected. If you do not use the contributed Flag clear module, there is nothing you need to do.
Install the latest version:
* If you use the Flag clear module for Drupal 7.x, upgrade to Flag clear
Also see the Flag clear project page: https://www.drupal.org/project/flag_clear