Accelerated Mobile Pages <= 0.9.97.19 - Multiple Unauthenticated Vulnerabilities

Affects Plugin

fixed in version 0.9.97.20

References

URL https://github.com/sybrew/the-seo-framework/issues/203#issuecomment-431602416
URL https://wordpress.org/support/topic/is-this-plugin-closed-2/
URL https://threatpost.com/critical-wordpress-flaw-grants-admin-access-to-any-registered-site-user/139162/

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Original Researcher Sybre Waaijer
Submitter Sybre Waaijer
Submitter Website https://theseoframework.com/
Submitter Twitter SybreWaaijer
Views 2104
Verified No
WPVDB ID 9147

Timeline

Publicly Published 2018-10-20 (about 2 months ago)
Added 2018-11-13 (about 1 month ago)
Last Updated 2018-11-19 (28 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.