3 matches found
CVE-2023-5819
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
Cross site scripting
The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2023-5818
The CVE-2023-5818 entry concerns the WordPress Amazonify plugin; affected versions are all up to 0.8.1. The root cause is missing or incorrect nonce validation in the amazonifyOptionsPage() function, leading to Cross-Site Request Forgery. This enables unauthenticated attackers to update plugin se...