GHSA-4j8w-p6hv-3qxc: Cross-Site Request Forgery (CSRF) in automad/automad

automad up to 1.10.9 does not implement anti-CSRF tokens by default, making it vulnerable Cross-Site Request Forgery (CSRF). An attacker may exploit this vulnerability to force an admin into creating or deleting users. An exploit has been disclosed publicly.