Accelerated Mobile Pages < 0.9.97.21 - Stored XSS

Affects Plugin

fixed in version 0.9.97.21

References

CVE 2018-20838
URL https://ampforwp.com/critical-security-issues-has-been-fixed-in-0-9-97-20-version/
URL https://www.wordfence.com/blog/2018/11/xss-injection-campaign-exploits-wordpress-amp-plugin/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 1906
Verified No
WPVDB ID 9616

Timeline

Publicly Published 2018-11-20 (over 1 year ago)
Added 2019-08-23 (11 months ago)
Last Updated 2019-11-28 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin