Arbitrary File Write Vulnerability in AMP for WP Plugin by WordPress
CVE-2026-6101

7.5HIGH

What is CVE-2026-6101?

The AMP for WP – Accelerated Mobile Pages plugin for WordPress suffers from an Arbitrary File Write vulnerability due to improper ZIP file extraction methods utilized in the ampforwp_save_local_font() function. This security flaw permits authenticated users with Author-level access or higher, who possess certain permissions, to create arbitrary files within a web-accessible directory on the server. The failure to adequately clean up failed extractions leads to nested directories remaining on the server, which could allow attackers to conduct remote code execution if PHP files are run from the uploads folder.

Affected Version(s)

AMP for WP – Accelerated Mobile Pages 0 <= 1.1.12

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Leonid Semenenko (lsemenenko)
.