VYPR

Amp For Wp

by WordPress

CVEs (9)

  • CVE-2023-6782MedJan 11, 2024
    risk 0.42cvss 6.4epss 0.00

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-0587MedJan 23, 2024
    risk 0.33cvss 6.1epss 0.00

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file.…

  • CVE-2024-11254Dec 18, 2024
    risk 0.00cvss epss 0.00

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers…

  • CVE-2024-9598Oct 25, 2024
    risk 0.00cvss epss 0.00

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated…

  • CVE-2024-6896Jul 24, 2024
    risk 0.00cvss epss 0.00

    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2023-45831Oct 16, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions.

  • CVE-2021-23209Mar 18, 2022
    risk 0.00cvss epss 0.01

    Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).

  • CVE-2021-23150Mar 18, 2022
    risk 0.00cvss epss 0.01

    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions.

  • CVE-2018-20838May 13, 2019
    risk 0.00cvss epss 0.01

    ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.