4 matches found
CVE-2024-11254
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...
CVE-2024-11254
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqusname parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary we...
PT-2024-16863 · WordPress · Amp For Wp
Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions prior to 1.1.2 Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus name parameter due t...
CVE-2024-0587
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqusname' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible f...