7 matches found
CVE-2024-1043
CVE-2024-1043 affects the WordPress plugin AMP for WP – Accelerated Mobile Pages. A missing capability check in the function amppb_remove_saved_layout_data in all versions up to 1.0.93.1 allows authenticated users with contributor access and above to delete arbitrary posts. Affected versions:
CVE-2021-23150
The CVE-2021-23150 entry describes an Authenticated Stored Cross-Site Scripting (XSS) vulnerability in the WordPress AMP for WP – Accelerated Mobile Pages plugin up to version 1.0.77.31. Affected component: AMP for WP plugin; root cause: stored XSS exploitable by users with admin+ privileges. Imp...
CVE-2021-23209
The CVE-2021-23209 entry concerns the WordPress AMP for WP – Accelerated Mobile Pages plugin (versions ≤ 1.0.77.32). The vulnerability is multiple authenticated (admin role required) persistent cross-site scripting (XSS) vulnerabilities. The root cause details are not explicitly provided in the l...
CVE-2024-9598
CVE-2024-9598 affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to 1.0.99.1). The root cause is missing or incorrect nonce validation in the proxy function, enabling Cross-Site Request Forgery that could cause an unauthenticated attacker to trigger actions on behalf ...
CVE-2024-6896
CVE-2024-6896 (AMP for WP – Accelerated Mobile Pages) affects the WordPress AMP for WP plugin. The vulnerability is a Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 1.0.96.1, caused by insufficient input sanitization and output escaping. Exploitation requires...
CVE-2024-11254
CVE-2024-11254 (AMP for WP – Accelerated Mobile Pages, WordPress) Vulnerability: Reflected cross-site scripting via the disqus_name parameter. Affected product: AMP for WP plugin for WordPress. Impact: Unauthenticated attackers can inject arbitrary scripts into pages executed in user browsers whe...
CVE-2024-0587
The CVE CVE-2024-0587 affects the AMP for WP – Accelerated Mobile Pages WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to and including 1.0.92.1, caused by insufficient input sanitization and output escaping on the executed...