AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

Plugin Name: AMP for WP

Key Information:

  • Software Type: Plugin
  • Software Slug: accelerated-mobile-pages
  • Software Status: Active
  • Software Author: mohammed_kaludi
  • Software Downloads: 17,465,196
  • Active Installs: 100,000
  • Last Updated: December 18, 2023
  • Patched Versions: 1.0.92.1
  • Affected Versions: <= 1.0.92

Vulnerability Details:

  • Name: AMP for WP – Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode
  • Title: Authenticated (Contributor+) Cross-Site Scripting via Shortcode
  • Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CVE: CVE-2023-6782
  • CVSS Score: 6.4 (Medium)
  • Publicly Published: December 18, 2023
  • Researcher: Ngô Thiên An
  • Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Summary:

The AMP for WP plugin for WordPress has a vulnerability in versions up to and including 1.0.92 that allows for stored cross-site scripting by authenticated users with contributor-level access or higher. This vulnerability has been patched in version 1.0.92.1.

Detailed Overview:

This vulnerability allows attackers with contributor access or higher to store malicious scripts in pages that use the plugin's shortcodes. When victims visit a page containing the injected scripts, the scripts will execute. This could lead to session hijacking, site defacement, phishing attacks and more. The vulnerability was reported by researcher Ngô Thiên An and has been fixed by the plugin developers in version 1.0.92.1. All users should update immediately.

Advice for Users:

  1. Immediate Action: Update to version 1.0.92.1 or higher immediately.
  2. Check for Signs of Vulnerability: Review pages and posts for unexpected scripts or iframes.
  3. Alternate Plugins: Consider alternate AMP plugins like Better AMP.
  4. Stay Updated: Always keep plugins updated to avoid vulnerabilities.
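One way to carry out the review in step 2 at scale is to scan stored post content for shortcode attributes whose values look like markup rather than plain text. The script below is an added example, not code from the plugin or from this report; it assumes post content has already been exported (for instance from `wp_posts.post_content`), uses a simplified shortcode grammar, and the shortcode names in the constructed sample rows are hypothetical because the report does not name the affected shortcodes.

```python
import re

# Simplified shortcode grammar for auditing (assumption: not WordPress's full parser).
SHORTCODE = re.compile(r"\[([A-Za-z][\w-]*)\b([^\]]*)\]")
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")

# Things a plain shortcode attribute value has no reason to contain.
SUSPICIOUS = [
    ("markup", re.compile(r"[<>]")),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("script-uri", re.compile(r"^\s*(?:javascript|vbscript|data)\s*:", re.I)),
    ("embedded-quote", re.compile(r"[\"']")),
]

def audit_post(post):
    """Return one finding per shortcode attribute whose value looks like markup."""
    findings = []
    for sc in SHORTCODE.finditer(post["content"]):
        for attr in ATTR.finditer(sc.group(2)):
            # Exactly one of the three value groups (double, single, bare) matched.
            value = next(v for v in attr.groups()[1:] if v is not None)
            reasons = [name for name, rx in SUSPICIOUS if rx.search(value)]
            if reasons:
                findings.append({
                    "post_id": post["id"], "author": post["author"],
                    "shortcode": sc.group(1), "attribute": attr.group(1),
                    "reasons": reasons,
                })
    return findings

def audit(posts):
    """Audit every exported post and return the combined findings."""
    return [f for post in posts for f in audit_post(post)]

# Constructed sample rows; the shortcode names are hypothetical.
SAMPLE_POSTS = [
    {"id": 101, "author": "editor1",
     "content": '[example_card title="Spring sale" link="https://example.com/sale"]'},
    {"id": 102, "author": "contrib7",
     "content": "Intro text [example_card title='Hi\" onmouseover=\"x'] more text"},
    {"id": 103, "author": "contrib7",
     "content": '[example_embed src="javascript:void(0)"][/example_embed]'},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_POSTS):
        print(finding)
```

Findings are leads for manual review, not proof of compromise; grouping them by author helps spot a single contributor-level account behind several flagged posts.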

Conclusion:

The update patches this serious vulnerability. Users should install version 1.0.92.1 immediately to prevent compromise of their sites. Prompt updates are key to staying secure.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/accelerated-mobile-pages

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/accelerated-mobile-pages/amp-for-wp-accelerated-mobile-pages-1092-authenticated-contributor-cross-site-scripting-via-shortcode

Detailed Report:

Have you updated your websites lately? Keeping your WordPress site and its plugins up-to-date is critical for security, as outdated software frequently contains vulnerabilities that hackers can exploit to compromise sites. Unfortunately, the popular AMP for WP plugin has a newly discovered vulnerability that underscores this risk.

What is AMP for WP?

AMP for WP is a widely-used plugin that helps optimize WordPress sites for fast loading on mobile devices. With over 17 million downloads and around 100,000 active installs, it's a popular choice to improve site speed.

Details on the New Vulnerability

Researchers recently disclosed a serious vulnerability in AMP for WP affecting versions up to and including 1.0.92. Tracked as CVE-2023-6782, the issue allows authenticated users with contributor-level access or higher to inject malicious scripts into pages that include the plugin's shortcodes. When visitors load vulnerable pages, the scripts execute, potentially enabling session hijacking, site defacement, or phishing.

Risks and Impacts

This vulnerability enables serious compromise of WordPress sites. Attackers could gain admin access, steal user data, deface sites, install backdoors, redirect visitors, and conduct phishing. In short, it opens the door for attackers to take full control of a site or conduct any other attack they choose.

How to Fix

Thankfully, the plugin developers have patched the issue in AMP for WP version 1.0.92.1. All users should update immediately to close the vulnerability on their sites. You can do this manually through the WordPress dashboard. If you need assistance updating or checking whether your specific site was compromised, don’t hesitate to get in touch.

Previous Vulnerabilities

Unfortunately, this is not the first vulnerability found in AMP for WP. There have been 5 previous issues reported since October 2018 that also enabled site takeovers until patched. This history illustrates the risk of running outdated plugins.

The Importance of Staying Updated

Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.

Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.

Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.
