Vulnerabilities and security researches foraccelerated-mobile-pages accelerated-mobile-pages

Direction: descending

Dec 18, 2024

AMP for WP – Accelerated Mobile Pages # CVE-2024-11254

CVE, Research URL: CVE-2024-11254
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Dec 18, 2024
Research Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Oct 25, 2024

AMP for WP – Accelerated Mobile Pages # CVE-2024-9598

CVE, Research URL: CVE-2024-9598
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: -
Research Description: AMP for WP – Accelerated Mobile Pages [accelerated-mobile-pages] < 1.0.99.2 CVE-2024-9598
Affected versions: Min -, max -.
Status: vulnerable

Aug 12, 2024

AMP for WP – Accelerated Mobile Pages # CVE-2024-43146

CVE, Research URL: CVE-2024-43146
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1.
Affected versions: Min -, max -.
Status: vulnerable

Jul 25, 2024

AMP for WP – Accelerated Mobile Pages # CVE-2024-6896

CVE, Research URL: CVE-2024-6896
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Jul 24, 2024
Research Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

AMP for WP – Accelerated Mobile Pages # CVE-2024-0587

CVE, Research URL: CVE-2024-0587
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Jan 23, 2024
Research Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

AMP for WP – Accelerated Mobile Pages # CVE-2021-23150

CVE, Research URL: CVE-2021-23150
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Mar 18, 2022
Research Description: Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions.
Affected versions: Min -, max -.
Status: vulnerable

AMP for WP – Accelerated Mobile Pages # CVE-2021-23209

CVE, Research URL: CVE-2021-23209
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Mar 18, 2022
Research Description: Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).
Affected versions: Min -, max -.
Status: vulnerable

AMP for WP – Accelerated Mobile Pages # CVE-2024-1043

CVE, Research URL: CVE-2024-1043
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Feb 29, 2024
Research Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.
Affected versions: Min -, max -.
Status: vulnerable

AMP for WP – Accelerated Mobile Pages # CVE-2023-48321

CVE, Research URL: CVE-2023-48321
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Nov 30, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1.
Affected versions: Min -, max -.
Status: vulnerable

AMP for WP – Accelerated Mobile Pages # CVE-2023-6782

CVE, Research URL: CVE-2023-6782
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: Jan 11, 2024
Research Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

AMP for WP – Accelerated Mobile Pages # CVE-2018-20838

CVE, Research URL: CVE-2018-20838
Home page URL: Security reports for AMP for WP – Accelerated Mobile Pages
Application: AMP for WP – Accelerated Mobile Pages
Date: May 13, 2019
Research Description: ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches foraccelerated-mobile-pages accelerated-mobile-pages

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2024-11254

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2024-9598

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2024-43146

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2024-6896

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2024-0587

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2021-23150

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2021-23209

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2024-1043

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2023-48321

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2023-6782

AMP for WP &#8211; Accelerated Mobile Pages # CVE-2018-20838

AMP for WP – Accelerated Mobile Pages # CVE-2024-11254

AMP for WP – Accelerated Mobile Pages # CVE-2024-9598

AMP for WP – Accelerated Mobile Pages # CVE-2024-43146

AMP for WP – Accelerated Mobile Pages # CVE-2024-6896

AMP for WP – Accelerated Mobile Pages # CVE-2024-0587

AMP for WP – Accelerated Mobile Pages # CVE-2021-23150

AMP for WP – Accelerated Mobile Pages # CVE-2021-23209

AMP for WP – Accelerated Mobile Pages # CVE-2024-1043

AMP for WP – Accelerated Mobile Pages # CVE-2023-48321

AMP for WP – Accelerated Mobile Pages # CVE-2023-6782

AMP for WP – Accelerated Mobile Pages # CVE-2018-20838