Lucene search
K
AmpforwpAccelerated Mobile Pages

7 matches found

CVE
CVE
added 2024/02/20 6:56 p.m.97 views

CVE-2024-1043

CVE-2024-1043 affects the WordPress plugin AMP for WP – Accelerated Mobile Pages. A missing capability check in the function amppb_remove_saved_layout_data in all versions up to 1.0.93.1 allows authenticated users with contributor access and above to delete arbitrary posts. Affected versions:

6.5CVSS6.8AI score0.00659EPSS
CVE
CVE
added 2022/03/18 6:0 p.m.87 views

CVE-2021-23150

The CVE-2021-23150 entry describes an Authenticated Stored Cross-Site Scripting (XSS) vulnerability in the WordPress AMP for WP – Accelerated Mobile Pages plugin up to version 1.0.77.31. Affected component: AMP for WP plugin; root cause: stored XSS exploitable by users with admin+ privileges. Imp...

4.8CVSS4.9AI score0.00535EPSS
CVE
CVE
added 2022/03/18 6:0 p.m.85 views

CVE-2021-23209

The CVE-2021-23209 entry concerns the WordPress AMP for WP – Accelerated Mobile Pages plugin (versions ≤ 1.0.77.32). The vulnerability is multiple authenticated (admin role required) persistent cross-site scripting (XSS) vulnerabilities. The root cause details are not explicitly provided in the l...

4.8CVSS5.2AI score0.00535EPSS
CVE
CVE
added 2024/10/25 7:37 a.m.57 views

CVE-2024-9598

CVE-2024-9598 affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to 1.0.99.1). The root cause is missing or incorrect nonce validation in the proxy function, enabling Cross-Site Request Forgery that could cause an unauthenticated attacker to trigger actions on behalf ...

8.8CVSS8.4AI score0.00261EPSS
CVE
CVE
added 2024/07/24 11:0 a.m.55 views

CVE-2024-6896

CVE-2024-6896 (AMP for WP – Accelerated Mobile Pages) affects the WordPress AMP for WP plugin. The vulnerability is a Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 1.0.96.1, caused by insufficient input sanitization and output escaping. Exploitation requires...

6.4CVSS5.7AI score0.00332EPSS
CVE
CVE
added 2024/12/18 3:22 a.m.54 views

CVE-2024-11254

CVE-2024-11254 (AMP for WP – Accelerated Mobile Pages, WordPress) Vulnerability: Reflected cross-site scripting via the disqus_name parameter. Affected product: AMP for WP plugin for WordPress. Impact: Unauthenticated attackers can inject arbitrary scripts into pages executed in user browsers whe...

6.1CVSS6AI score0.00272EPSS
CVE
CVE
added 2024/01/23 6:46 a.m.44 views

CVE-2024-0587

The CVE CVE-2024-0587 affects the AMP for WP – Accelerated Mobile Pages WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to and including 1.0.92.1, caused by insufficient input sanitization and output escaping on the executed...

6.1CVSS6.4AI score0.00443EPSS