Lucene search
K

66 matches found

Cvelist
Cvelist
added 2026/01/09 8:20 a.m.26 views

CVE-2026-0627 AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload

The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes tags while allowing other XSS vectors such as event handlers onload,...

6.4CVSS0.00188EPSS
Exploits0References4
CVE
CVE
added 2026/01/09 8:20 a.m.17 views

CVE-2026-0627

CVE-2026-0627 affects the AMP for WP plugin for WordPress (vulnerable up to 1.1.10). It is a stored XSS via malicious SVG uploads; requires Author-level authentication and executes when a user views the uploaded file. The issue arises from insufficient sanitization that only removes script tags, ...

6.4CVSS4.4AI score0.00188EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.4 views

WordPress plugin AMP for WP 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00188EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.8 views

PT-2026-1963

Name of the Vulnerable Software and Affected Versions AMP for WP plugin for WordPress versions prior to 1.1.11 Description The AMP for WP plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG file content allows for the...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/01/08 10:59 p.m.8 views

WordPress AMP for WP plugin <= 1.1.10 - Authenticated Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin AMP for WP versions = 1.1.10...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/07 4:32 a.m.3 views

CVE-2025-14468 AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

4.3CVSS5.3AI score0.00132EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-13378

Malware in sbrugna...

5.4CVSS5.5AI score0.01078EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10263

Malware in sbrugna...

4.8CVSS5.2AI score0.00535EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-10314

Malware in sbrugna...

4.8CVSS5.2AI score0.00535EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-58994

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00449EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-16380

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00443EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-40073

Malicious code in bioql PyPI...

6.3CVSS6.5AI score0.00376EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-52377

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:48 a.m.11 views

CVE-2024-43146

Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1...

6.3CVSS6.9AI score0.00376EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.13 views

CVE-2024-6896

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00313EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:24 a.m.6 views

CVE-2024-0587

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqusname' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible f...

6.1CVSS6.3AI score0.00443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:42 a.m.6 views

CVE-2023-48321

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1...

6.5CVSS6.7AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.11 views

CVE-2023-6782

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.7 views

CVE-2018-20838

ampforwpsavestepsdata in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS...

5.4CVSS6.8AI score0.01078EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:42 a.m.8 views

CVE-2024-9598

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the...

8.8CVSS6.4AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder