Lucene search
WpvulndbWPVDB-ID:B1527BF8-4761-4AD6-8E3C-81F392F0C1A8HistoryNov 23, 2023 - 12:00 a.m.
Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting
2023-11-2300:00:00
wpscan.com
7
amazonify plugin
wordpress
stored cross-site scripting
authenticated
admin permissions
input sanitization
output escaping
Description The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS.
Related
cve
cve
CVE-2023-5819
2023-11-07 20:15:09
CVE-2023-5818
2023-11-07 20:15:09
prion
prion
Cross site scripting
2023-11-07 20:15:00
Cross site request forgery (csrf)
2023-11-07 20:15:00
nvd
nvd
CVE-2023-5819
2023-11-07 20:15:09
CVE-2023-5818
2023-11-07 20:15:09
cvelist
cvelist
CVE-2023-5819
2023-11-07 19:31:34
CVE-2023-5818
2023-11-07 19:31:33
wpvulndb
wpvulndb
Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update
2023-11-23 00:00:00
wordfence
wordfence
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
20.5%
Related for WPVDB-ID:B1527BF8-4761-4AD6-8E3C-81F392F0C1A8