Accelerated Mobile Pages <= 0.9.97.19 - Multiple Unauthenticated Vulnerabilities

Affects Plugin

fixed in version 0.9.97.20

References

URL https://github.com/sybrew/the-seo-framework/issues/203#issuecomment-431602416
URL https://wordpress.org/support/topic/is-this-plugin-closed-2/
URL https://threatpost.com/critical-wordpress-flaw-grants-admin-access-to-any-registered-site-user/139162/

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Original Researcher Sybre Waaijer
Submitter Sybre Waaijer
Submitter Website https://theseoframework.com/
Submitter Twitter SybreWaaijer
Views 6363
Verified No
WPVDB ID 9147

Timeline

Publicly Published 2018-10-20 (about 1 year ago)
Added 2018-11-13 (about 1 year ago)
Last Updated 2019-11-01 (13 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin