
CSRF Vulnerability in Admin Order Update Endpoint Allows Unauthorized Status Manipulation
Tags: Web Security, CSRF, Vulnerability, Authentication, Admin Panel, Cookie-Based Authentication, Order Management, Security Notice
A Cross-Site Request Forgery (CSRF) vulnerability was identified in an admin order update endpoint that relies solely on cookie-based authentication, with no additional request validation such as an anti-CSRF token or origin check. Because the browser attaches the session cookie automatically, any web page loaded while the admin holds a valid session can submit a request that changes an order's status on the admin's behalf. No specific software, version numbers, or CVE identifiers were disclosed in the report. The impact is unauthorized modification of order statuses made possible by the absence of CSRF protections. The vulnerability was documented in a security notice without mention of exploitation timelines or affected platforms.
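The following is an added illustration, not code from the notice or from any affected product: a minimal model of the order-status handler with the cookie-only check described above, beside a hardened version that additionally requires a per-session synchronizer token and rejects mismatched Origin headers. The session store, order store, request shape and trusted origin are all constructed assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory stand-ins for the application's session and order storage.
SESSIONS = {}                    # session_id -> {"role": ..., "csrf": ...}
ORDERS = {"1001": "pending"}     # order_id -> status
TRUSTED_ORIGIN = "https://admin.example.test"   # assumed admin panel origin


@dataclass
class Request:
    """Just the parts of an HTTP request the handlers look at."""
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def login_admin():
    """Create an admin session and bind a fresh CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"role": "admin", "csrf": secrets.token_urlsafe(32)}
    return sid


def update_order_vulnerable(req):
    """Cookie-only authentication: any POST carrying the admin's cookie is accepted,
    regardless of which page caused the browser to send it."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if not sess or sess["role"] != "admin":
        return 403
    ORDERS[req.form["order_id"]] = req.form["status"]
    return 200


def update_order_hardened(req):
    """Same handler with two independent CSRF defences layered on the cookie check."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if not sess or sess["role"] != "admin":
        return 403
    # 1. Synchronizer token: the form must carry the token bound to this session.
    #    A cross-site page cannot read it, so it cannot forge a valid request.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return 403
    # 2. Origin check: browsers set Origin on cross-site POSTs; reject foreign origins.
    origin = req.headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403
    ORDERS[req.form["order_id"]] = req.form["status"]
    return 200
```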