cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5818,https://securityvulnerability.io/vulnerability/CVE-2023-5818,Cross-Site Request Forgery Vulnerability in Amazonify Plugin for WordPress,"The Amazonify plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the amazonifyOptionsPage() function. This vulnerability allows unauthorized attackers to modify the plugin's settings, such as the Amazon Tracking ID, by deceiving an administrator into executing arbitrary actions, like clicking on manipulated links. Users of the Amazonify plugin should ensure they update to a secure version and implement additional security measures to mitigate potential risks.",Wordpress,Amazonify,4.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-11-07T20:15:00.000Z,0
CVE-2023-5819,https://securityvulnerability.io/vulnerability/CVE-2023-5819,Stored Cross-Site Scripting Vulnerability in Amazonify Plugin for WordPress,"The Amazonify plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and lack of output escaping within its admin settings. This flaw allows authenticated attackers, with administrator privileges, to inject malicious scripts that execute when users interact with compromised pages. The vulnerability primarily affects installations that have multi-site configurations or where the 'unfiltered_html' option is disabled. It’s crucial to note that this issue can be exploited alongside another vulnerability, facilitating broader CSRF to XSS attack vectors.",Wordpress,Amazonify,4.8,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2023-11-07T20:15:00.000Z,0