4 matches found
CVE-2024-1043
CVE-2024-1043 affects the WordPress plugin AMP for WP – Accelerated Mobile Pages. A missing capability check in the function amppb_remove_saved_layout_data in all versions up to 1.0.93.1 allows authenticated users with contributor access and above to delete arbitrary posts. Affected versions:
CVE-2024-9598
CVE-2024-9598 affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to 1.0.99.1). The root cause is missing or incorrect nonce validation in the proxy function, enabling Cross-Site Request Forgery that could cause an unauthenticated attacker to trigger actions on behalf ...
CVE-2024-6896
CVE-2024-6896 (AMP for WP – Accelerated Mobile Pages) affects the WordPress AMP for WP plugin. The vulnerability is a Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 1.0.96.1, caused by insufficient input sanitization and output escaping. Exploitation requires...
CVE-2024-11254
CVE-2024-11254 (AMP for WP – Accelerated Mobile Pages, WordPress) Vulnerability: Reflected cross-site scripting via the disqus_name parameter. Affected product: AMP for WP plugin for WordPress. Impact: Unauthenticated attackers can inject arbitrary scripts into pages executed in user browsers whe...