PT-2026-42077 · WordPress · Amazon Scraper

Ibnu +1 · Published 2026-05-20 · Updated 2026-05-28 · CVE-2026-8419

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Amazon Scraper versions prior to 1.2

Description: The Amazon Scraper plugin for WordPress contains a Cross-Site Request Forgery (CSRF) flaw. This occurs because of missing or incorrect nonce validation—a security token used to ensure requests are intentional—on a function. This allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations: Update the plugin to a version later than 1.1.
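
The control the description says is missing, as an added example that is not the plugin's code and does not come from the advisory: a hypothetical WordPress settings handler shown without and with nonce validation, a capability check and input sanitization. Every `example_scraper_*` name, the option key and the page slug are assumptions, and the code is meant to be loaded inside WordPress.

```php
<?php
// Added illustration: hypothetical plugin code, NOT Amazon Scraper's source.
// All "example_scraper_*" names, the option key and the page slug are invented.

// Settings form: wp_nonce_field() emits a hidden token tied to this action and
// to the logged-in user's session, which a third-party page cannot obtain.
function example_scraper_render_form() {
    $tag = get_option( 'example_scraper_tag', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_scraper_save">
        <?php wp_nonce_field( 'example_scraper_save', 'example_scraper_nonce' ); ?>
        <input type="text" name="example_scraper_tag" value="<?php echo esc_attr( $tag ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// WEAK pattern (kept for contrast, deliberately not hooked): the handler trusts
// any POST carrying the admin's cookies and stores the value unsanitized.
function example_scraper_save_weak() {
    update_option( 'example_scraper_tag', $_POST['example_scraper_tag'] );
}

// HARDENED handler: authorize, verify the request's origin, then sanitize.
function example_scraper_save() {
    // 1. Only users allowed to manage settings may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // 2. Terminates the request unless the nonce from the form above is present
    //    and valid for this action, so a forged cross-site request is rejected.
    check_admin_referer( 'example_scraper_save', 'example_scraper_nonce' );

    // 3. Strip tags and control characters before storing, so the saved
    //    setting cannot carry script markup; output is escaped in the form too.
    $tag = isset( $_POST['example_scraper_tag'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_scraper_tag'] ) )
        : '';
    update_option( 'example_scraper_tag', $tag );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-scraper&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_scraper_save', 'example_scraper_save' );
```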

Fix · CSRF

Weakness Enumeration

Related Identifiers: CVE-2026-8419

Affected Products: Amazon Scraper