22 matches found
EUVD-2023-58102
Malicious code in bioql PyPI...
EUVD-2023-58101
Malicious code in bioql PyPI...
CVE-2023-5819
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2023-5818
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
Description The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the...
Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-5819
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2023-5818
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
CVE-2023-5819
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
Cross site scripting
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
Cross site request forgery (csrf)
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
CVE-2023-5819 Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2023-5819
CVE-2023-5819 concerns the WordPress Amazonify plugin. The vulnerability is a Stored Cross-Site Scripting issue in admin settings for all versions up to 0.8.1, caused by insufficient input sanitization and output escaping. It can be exploited by authenticated attackers with administrator-level pe...
CVE-2023-5818 Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
CVE-2023-5818 Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage function. This makes it possible for unauthenticated attackers to update the plugins setting...
CVE-2023-5818
The CVE-2023-5818 entry concerns the WordPress Amazonify plugin; affected versions are all up to 0.8.1. The root cause is missing or incorrect nonce validation in the amazonifyOptionsPage() function, leading to Cross-Site Request Forgery. This enables unauthenticated attackers to update plugin se...
WordPress Amazonify Plugin <= 0.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Amazonify Type Plugin Vulnerable versions = 0.8.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5818 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a36688b74e5b Credits Ala Arfaoui Required privile...
WordPress Plugin Amazonify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Amazonify Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Amazonify Type Plugin Vulnerable versions = 0.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5819 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ec91eb79aea Credits Ala Arfaoui Required privilege...
WordPress Plugin Amazonify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...