CVE-2022-2541
CVE-2022-2541 affects the WordPress plugin uContext for Amazon (versions up to and including 3.9.1). The root cause is missing nonce validation in the Ajax handler (~/app/sites/ajax/actions/keyword_save.php) invoked via doAjax(), enabling Cross-Site Request Forgery that can lead to Cross-Site Scr...