cleantalk
Vulnerabilities and Security Researches

AMP for WP – Accelerated Mobile Pages, CVE-2024-0587

CVE, Research URL

CVE-2024-0587

Home page URL

Security reports for AMP for WP – Accelerated Mobile Pages

Application

AMP for WP – Accelerated Mobile Pages

Published on
Jan 23, 2024
Research Description
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 1.0.93.
Status
vulnerable
Previous vulnerability researches
AMP for WP – Accelerated Mobile Pages (CVE-2024-0587) , Jun 07, 2024
AMP for WP – Accelerated Mobile Pages (CVE-2021-23150) , Jun 07, 2024
AMP for WP – Accelerated Mobile Pages (CVE-2021-23209) , Jun 07, 2024
AMP for WP – Accelerated Mobile Pages (CVE-2024-1043) , Jun 07, 2024
AMP for WP – Accelerated Mobile Pages (CVE-2023-48321) , Jun 07, 2024
New vulnerability
Themesflat Addons For Elementor (CVE-2025-3275) , Apr 20, 2025
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025