MEDIUM
submone
CVE published 2026-05-20
CVE-2026-8419
Cross-Site Request Forgery (CSRF) vulnerability in the Amazon Scraper WordPress plugin allows unauthenticated attackers to modify plugin settings and inject malicious web scripts via forged requests, contingent on social engineering an administrator into clicking a malicious link. The vulnerability stems from missing or incorrect nonce validation on an administrative function. Affected versions include al [truncated]