There is a possibility of a CSRF attack via the user options page which could allow an attacker to discover a user's password.
There is a possibility of a CSRF attack via the user options page which could allow an attacker to discover a user's password.