Lucene search
WpvulndbWPVDB-ID:6F585C85-22B7-491E-8124-5AD6E7EFCF4FHistoryNov 23, 2023 - 12:00 a.m.
Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
2023-11-2300:00:00
wpscan.com
10
amazonify
wordpress
csrf
cross-site request forgery
amazon tracking id
vulnerability
Description The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Related
prion
prion
Cross site request forgery (csrf)
2023-11-07 20:15:00
Cross site scripting
2023-11-07 20:15:00
nvd
nvd
CVE-2023-5818
2023-11-07 20:15:09
CVE-2023-5819
2023-11-07 20:15:09
cve
cve
CVE-2023-5818
2023-11-07 20:15:09
CVE-2023-5819
2023-11-07 20:15:09
cvelist
cvelist
CVE-2023-5818
2023-11-07 19:31:33
CVE-2023-5819
2023-11-07 19:31:34
wpvulndb
wpvulndb
Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting
2023-11-23 00:00:00
wordfence
wordfence
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
20.5%
Related for WPVDB-ID:6F585C85-22B7-491E-8124-5AD6E7EFCF4F