WordPress AMP extensions plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

2021-08-09T00:00:00

Description

Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress AMP extensions plugin (versions <= 1.1). ## Solution 2021-08-25 - no patched version is available. Deactivate and delete.

Affected Software

CPE Name	Name	Version
	amp extensions	1.1

{"id": "PATCHSTACK:DD540B0B7C91A2A8DA5667A00544A3E7", "vendorId": null, "type": "patchstack", "bulletinFamily": "software", "title": "WordPress AMP extensions plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by iohex and WPScanTeam in WordPress AMP extensions plugin (versions <= 1.1).\n\n## Solution\n\n\r\n 2021-08-25 - no patched version is available. Deactivate and delete.\n", "published": "2021-08-09T00:00:00", "modified": "2021-08-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://patchstack.com/database/vulnerability/amp-extensions/wordpress-amp-extensions-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability", "reporter": "WPScanTeam", "references": ["https://wpscan.com/vulnerability/a88ffc42-6611-406e-8660-3af24c9cc5e8", "https://wordpress.org/plugins/amp-extensions/"], "cvelist": [], "immutableFields": [], "lastseen": "2022-06-01T19:31:05", "viewCount": 1, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "affectedSoftware": [{"version": "1.1", "operator": "le", "name": "amp extensions"}], "vendor_cvss": {"score": "3.1", "severity": "High severity"}, "owasp": "A7: Cross-Site Scripting (XSS)", "classification": "Cross Site Scripting (XSS)"}

WordPress AMP extensions plugin &lt;= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Description

Affected Software

WordPress AMP extensions plugin <= 1.1 - Reflected Cross-Site Scripting (XSS) vulnerability