EUVD-2022-34795

Malicious code in bioql PyPI...

CVE-2022-2541 uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting

The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...