2 matches found
CVE-2023-5818
The CVE-2023-5818 entry concerns the WordPress Amazonify plugin; affected versions are all up to 0.8.1. The root cause is missing or incorrect nonce validation in the amazonifyOptionsPage() function, leading to Cross-Site Request Forgery. This enables unauthenticated attackers to update plugin se...
CVE-2023-5819
CVE-2023-5819 concerns the WordPress Amazonify plugin. The vulnerability is a Stored Cross-Site Scripting issue in admin settings for all versions up to 0.8.1, caused by insufficient input sanitization and output escaping. It can be exploited by authenticated attackers with administrator-level pe...