WordPress Plugin Vulnerabilities

Accelerated Mobile Pages <= 0.9.97.19 - Multiple Unauthenticated Vulnerabilities

Description

The AMP for WP – Accelerated Mobile Pages WordPress plugin was affected by a Multiple Unauthenticated Vulnerabilities security vulnerability.

Affects Plugins

Plugin icon
accelerated-mobile-pages
Fixed in 0.9.97.20

References

URL
https://github.com/sybrew/the-seo-framework/issues/203#issuecomment-431602416
URL
https://wordpress.org/support/topic/is-this-plugin-closed-2/
URL
https://threatpost.com/critical-wordpress-flaw-grants-admin-access-to-any-registered-site-user/139162/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Original Researcher
Sybre Waaijer
Submitter
Sybre Waaijer
Submitter website
https://theseoframework.com/
Submitter twitter
SybreWaaijer
Verified
No
WPVDB ID
8153a7a7-18f2-49c2-a68a-402a5bd0a198

Timeline

Publicly Published
2018-10-20 (about 7 years ago)
Added
2018-11-13 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-05-19
Title
Chauffeur Taxi Booking System for WordPress < 7.0 - Authentication Bypass
Published
2024-08-12
Title
JobSearch <= 2.3.4 - Authentication Bypass to Account Takeover
Published
2025-07-03
Title
WP Compress < 6.30.31 - Unauthenticated Broken Authentication
Published
2014-08-01
Title
Portable phpMyAdmin 1.4.1 - Multiple Script Direct Request Authentication Bypass
Published
2023-01-27
Title
ContentStudio < 1.2.6 - Authorisation Bypass