CVE-2026-8419

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVE-2026-8419

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVE-2026-8419

The CVE-2026-8419 entry aggregates a CSRF vulnerability in the WordPress Amazon Scraper plugin (versions up to and including 1.1). The underlying issue is missing or incorrect nonce validation in a function, enabling unauthenticated attackers to update settings and inject stored scripts by tricki...

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

PT-2026-42077

Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1674)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1674 advisory. The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class and so does not use io.opencode to read the .pyc files. sys.audit handle...

Amazon Linux 2023 : python3-lxml (ALAS2023-2026-1678)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1678 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...

Amazon Linux 2023 : python3.13-lxml (ALAS2023-2026-1679)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1679 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...

Amazon Linux 2023 : editorconfig, editorconfig-devel, editorconfig-libs (ALAS2023-2026-1642)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1642 advisory. editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an...

Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1643)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1643 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by- one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot...

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1653)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1653 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1676)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1676 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Tenable has extract...

Amazon Linux 2023 : dnsmasq, dnsmasq-utils (ALAS2023-2026-1516)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1516 advisory. dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an...

WordPress plugin Amazon Scraper 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Amazon Linux 2023 : libXpm, libXpm-devel (ALAS2023-2026-1656)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1656 advisory. As per upstream advisory: libXpm Out-of-bounds read in xpmNextWord CVE-2026-4367 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Ness...

Amazon Linux 2023 : perl-CryptX, perl-CryptX-tests (ALAS2023-2026-1641)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1641 advisory. NOTE: https://lists.security.metacpan.org/cve-announce/msg/39209500/NOTE: https://github.com/DCIT/perl- CryptX/security/advisories/GHSA-24c2-gp6c-24c6NOTE: Fixed by: https://github.com/DCIT/perl-...

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2026-1677)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1677 advisory. RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVE-2026-5405 Tenable has extracted the preceding description block...

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2026-1668)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1668 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass...

Amazon Linux 2023 : firewalld, firewalld-filesystem, firewalld-test (ALAS2023-2026-1636)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1636 advisory. A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This...