CVE-2023-5818 MEDIUM

CVE-2023-5818: Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update

Vendor Garykeorkunian

Product Amazonify

Weakness CWE-352 · CSRF

Published November 7, 2023

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Key dates

02Disclosure timeline

November 7, 2023 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5818 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-37102 WordPress Vilva theme <= 1.2.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-46629 WordPress Remove Add to Cart WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-50835 WordPress Advanced Category Template Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2021-24832 WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF CVE-2023-51535 WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)