Lucene search
+L

9 matches found

redhatcve
redhatcve
added 2026/06/05 7:23 p.m.9 views

CVE-2026-8419

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.4AI score0.00191EPSS
Exploits0References1
nvd
nvd
added 2026/05/20 2:16 a.m.19 views

CVE-2026-8419

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS0.00191EPSS
Exploits0References9
attackerkb
attackerkb
added 2026/05/20 1:25 a.m.7 views

CVE-2026-8419

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References10
vulnrichment
vulnrichment
added 2026/05/20 1:25 a.m.10 views

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References9
cve
cve
added 2026/05/20 1:25 a.m.18 views

CVE-2026-8419

The CVE-2026-8419 entry aggregates a CSRF vulnerability in the WordPress Amazon Scraper plugin (versions up to and including 1.1). The underlying issue is missing or incorrect nonce validation in a function, enabling unauthenticated attackers to update settings and inject stored scripts by tricki...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References9
cvelist
cvelist
added 2026/05/20 1:25 a.m.44 views

CVE-2026-8419 Amazon Scraper <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Update

The Amazon Scraper plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS0.00191EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.16 views

PT-2026-42077

Name of the Vulnerable Software and Affected Versions Amazon Scraper versions prior to 1.2 Description The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery CSRF flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References12
cnnvd
cnnvd
added 2026/05/20 12:0 a.m.13 views

WordPress plugin Amazon Scraper 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References1
patchstack
patchstack
added 2026/05/19 12:6 p.m.10 views

WordPress Amazon Scraper plugin <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Amazon Scraper versions = 1.1...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder