Reflected Cross-Site Scripting Vulnerability in AMP for WP Plugin
CVE-2024-11254
6.1MEDIUM
Summary
CVE-2024-11254 identifies a high-risk security vulnerability affecting the AMP for WP – Accelerated Mobile Pages plugin for WordPress. This vulnerability involves reflected cross-site scripting (XSS) due to inadequate input validation on the 'disqus_name' parameter. Any unauthenticated attacker can exploit this flaw to inject arbitrary web scripts into web pages viewed by users, leading to potential data theft, session hijacking, or other malicious actions if a user is tricked into clicking a manipulated link.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Collectors
NVD Database