CVE-2022-1830
CVE-2022-1830 affects the WordPress plugin Amazon Einzeltitellinks (versions ≤ 1.3.3). The root cause is absence of CSRF protection when updating settings, allowing an authenticated admin to perform changes via CSRF and triggering Stored XSS due to insufficient sanitisation/escaping. Exploitation...