Stored Cross-Site Scripting Vulnerability in AMP for WP Plugin by WordPress
CVE-2023-6782
5.4MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 11 January 2024
What is CVE-2023-6782?
The AMP for WP – Accelerated Mobile Pages plugin is prone to a vulnerability allowing authenticated attackers with contributor-level or higher permissions to exploit insufficient input sanitization and output escaping. By injecting arbitrary web scripts into the plugin's shortcodes, attackers can cause these scripts to execute whenever a user accesses the impacted pages, potentially compromising user data and site integrity.
Affected Version(s)
AMP for WP – Accelerated Mobile Pages * <= 1.0.92