VYPR

Accelerated Mobile Pages

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-43146MedNov 1, 2024
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AMP for WP: from n/a through 1.0.96.1.

  • CVE-2026-0627MedJan 9, 2026
    risk 0.35cvss 6.4epss 0.00

    The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes `` tags while allowing other XSS vectors…

  • CVE-2024-1043MedFeb 29, 2024
    risk 0.35cvss 6.5epss 0.01

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated…

  • CVE-2025-14468MedJan 7, 2026
    risk 0.28cvss 4.3epss 0.00

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the amp_theme_ajaxcomments AJAX handler, which rejects requests with VALID…