Vulnerabilities > Ampforwp

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-0587 Cross-site Scripting vulnerability in Ampforwp Accelerated Mobile Pages
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file.
network
low complexity
ampforwp CWE-79
6.1
2022-03-18 CVE-2021-23150 Cross-site Scripting vulnerability in Ampforwp Accelerated Mobile Pages
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions.
network
low complexity
ampforwp CWE-79
4.8
2022-03-18 CVE-2021-23209 Cross-site Scripting vulnerability in Ampforwp Accelerated Mobile Pages
Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).
network
low complexity
ampforwp CWE-79
4.8