Lucene search
K
AmpforwpAccelerated Mobile Pages*

4 matches found

CVE
CVE
added 2024/02/20 6:56 p.m.101 views

CVE-2024-1043

CVE-2024-1043 affects the WordPress plugin AMP for WP – Accelerated Mobile Pages. A missing capability check in the function amppb_remove_saved_layout_data in all versions up to 1.0.93.1 allows authenticated users with contributor access and above to delete arbitrary posts. Affected versions:

6.5CVSS6.8AI score0.00659EPSS
CVE
CVE
added 2024/10/25 7:37 a.m.60 views

CVE-2024-9598

CVE-2024-9598 affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to 1.0.99.1). The root cause is missing or incorrect nonce validation in the proxy function, enabling Cross-Site Request Forgery that could cause an unauthenticated attacker to trigger actions on behalf ...

8.8CVSS8.4AI score0.00261EPSS
CVE
CVE
added 2024/07/24 11:0 a.m.56 views

CVE-2024-6896

CVE-2024-6896 (AMP for WP – Accelerated Mobile Pages) affects the WordPress AMP for WP plugin. The vulnerability is a Stored Cross-Site Scripting via SVG file uploads in all versions up to and including 1.0.96.1, caused by insufficient input sanitization and output escaping. Exploitation requires...

6.4CVSS5.7AI score0.00332EPSS
CVE
CVE
added 2024/12/18 3:22 a.m.55 views

CVE-2024-11254

CVE-2024-11254 (AMP for WP – Accelerated Mobile Pages, WordPress) Vulnerability: Reflected cross-site scripting via the disqus_name parameter. Affected product: AMP for WP plugin for WordPress. Impact: Unauthenticated attackers can inject arbitrary scripts into pages executed in user browsers whe...

6.1CVSS6AI score0.00277EPSS