AMP for WP Vulnerability – Reflected Cross-Site Scripting – CVE-2024-0587 | WordPress Plugin Vulnerability Report
Plugin Name: AMP for WP
Key Information:
- Software Type: Plugin
- Software Slug: accelerated-mobile-pages
- Software Status: Active
- Software Author: mohammed_kaludi
- Software Downloads: 17,593,156
- Active Installs: 100,000
- Last Updated: January 22, 2024
- Patched Versions: 1.0.93
- Affected Versions: <= 1.0.92.1
Vulnerability Details:
- Name: Accelerated Mobile Pages <= 1.0.92.1 - Reflected Cross-Site Scripting
- Title: Reflected Cross-Site Scripting
- Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-79
- CVE: CVE-2024-0587
- CVSS Score: 6.1 (Medium)
- Publicly Published: January 22, 2024
- Researcher: stealthcopter
- Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping in the JavaScript file the plugin serves. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser if they can successfully trick that user into performing an action such as clicking on a crafted link.
Summary:
The AMP for WP plugin for WordPress has a reflected cross-site scripting vulnerability in versions up to and including 1.0.92.1 that allows unauthenticated attackers to inject arbitrary web scripts, provided they can get a user to open a crafted link. This vulnerability has been patched in version 1.0.93.
Detailed Overview:
The researcher stealthcopter disclosed a reflected cross-site scripting (XSS) vulnerability in the AMP for WP plugin affecting versions up to and including 1.0.92.1. The vulnerability exists in the disqus_name parameter due to insufficient sanitization of user input. This could allow an attacker to trick a user into clicking a crafted link that executes malicious scripts on the vulnerable site.
Because the injected script runs in the victim's browser with the victim's session, the practical risk is actions performed as that user: an administrator tricked into opening the link could have content changed, a plugin installed or a new user created on their behalf, leading to account compromise, site defacement and further exploitation. WordPress marks its authentication cookies HttpOnly, so outright cookie theft is less likely than this kind of session riding. Users are advised to update to version 1.0.93, which contains the fix.
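As an added illustration of the vulnerability class (this is not code from the AMP for WP plugin or from the Wordfence advisory), the following PHP shows the general pattern behind a reflected XSS in a generated JavaScript file next to its hardened form. Only the parameter name disqus_name comes from the advisory; the function names, the JavaScript variable name disqus_shortname and the sample values are assumptions made for the example.

```php
<?php
// Added illustration of the vulnerability class, not the plugin's own code.
// 'disqus_name' is the parameter named in the advisory; everything else
// (function names, the JS variable name, the sample values) is assumed.

// Vulnerable pattern: a request parameter is concatenated straight into
// JavaScript source that the browser will execute. A value containing a
// single quote terminates the string literal and the rest is parsed as code.
function build_disqus_js_vulnerable(array $query): string
{
    $name = $query['disqus_name'] ?? '';
    return "var disqus_shortname = '" . $name . "';\n";
}

// Hardened pattern: emit the value as a JSON/JS string literal. The JSON_HEX_*
// flags turn ' " < > & into \uXXXX escapes, so the input can neither close the
// literal nor close an enclosing <script> element. JSON_INVALID_UTF8_SUBSTITUTE
// keeps json_encode() from returning false on malformed input. Inside
// WordPress, wp_json_encode() (or esc_js() for a value already inside quotes)
// does the same job.
function build_disqus_js_hardened(array $query): string
{
    $name    = (string) ($query['disqus_name'] ?? '');
    $literal = json_encode(
        $name,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_INVALID_UTF8_SUBSTITUTE
    );
    return 'var disqus_shortname = ' . $literal . ";\n";
}

// Defence in depth: a Disqus shortname is a plain identifier, so anything
// else can be rejected before it reaches the output at all.
function is_plausible_shortname(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_-]{1,64}$/', $name);
}

// Constructed sample inputs: a benign value and a break-out attempt of the
// kind a crafted link would carry in its query string.
$samples = [
    'benign' => ['disqus_name' => 'example-site'],
    'attack' => ['disqus_name' => "';alert(document.cookie);//"],
];

foreach ($samples as $label => $query) {
    echo "== $label ==\n";
    echo "vulnerable: ", build_disqus_js_vulnerable($query);
    echo "hardened:   ", build_disqus_js_hardened($query);
    echo "allow-list: ", is_plausible_shortname($query['disqus_name']) ? "accept\n" : "reject\n";
}
```

Run it with `php example.php` and compare the two outputs for the attack sample: the vulnerable builder emits the payload as live code, the hardened builder emits it as an inert string. Escaping at the point of output is the actual fix; the allow-list is an extra layer, not a substitute. An endpoint that serves generated JavaScript should also send `Content-Type: application/javascript` and `X-Content-Type-Options: nosniff` so the browser never interprets the response as HTML.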
Advice for Users:
- Immediate Action: Update to version 1.0.93 or higher as soon as possible.
- Check for Signs of Vulnerability: Confirm the installed version on the Plugins screen (or with `wp plugin get accelerated-mobile-pages --field=version` if you use WP-CLI) and review your web server access logs for requests carrying a disqus_name parameter with quotes, angle brackets or script-like content. Also review your site for any unauthorized changes or strange behavior.
- Alternate Plugins: Consider alternate AMP plugins like Official AMP Plugin by AMP Project Contributors as a precaution.
- Stay Updated: Enable automatic updates for plugins to receive timely security fixes.
Conclusion:
This vulnerability serves as an important reminder for users to keep plugins updated. The prompt fix from the developers addresses the security flaw. Users should install version 1.0.93 or later to fully mitigate this reflected XSS vulnerability.
References:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/accelerated-mobile-pages
Detailed Report:
Keeping your WordPress website secure should be a top priority - unfortunately, that's often easier said than done. Even if you're diligent about updates and security best practices, vulnerabilities can still slip through the cracks. Case in point: a reflected cross-site scripting (XSS) issue was recently disclosed in a very popular WordPress plugin, AMP for WP.
AMP for WP is an open source plugin with over 17 million downloads that helps make WordPress sites fast and smooth loading for mobile visitors. It has over 100,000 active installs, so it has widespread usage.
This particular vulnerability, assigned CVE-2024-0587, affects AMP for WP versions up to and including 1.0.92.1. Without getting overly technical, it allows attackers to inject malicious JavaScript code into pages served by vulnerable websites. An attacker who gets a logged-in user, such as an administrator, to open a crafted link can run script in that user's browser and act with their privileges, which is how account compromise or defacement would follow.
The specifics: The vulnerability exists in the disqus_name parameter due to insufficient sanitization of user input. By tricking a user into clicking a crafted link, an attacker can execute scripts on the vulnerable site.
This is considered a medium severity vulnerability, with a CVSS score of 6.1. The good news is that the plugin authors have already issued a patch in version 1.0.93. Updating immediately mitigates any threat from this particular issue.
However, this incident highlights why continuous security hardening is so important. The AMP for WP plugin has faced 6 previous vulnerabilities since October 2018. Relying solely on plugins and themes to remain secure is risky - new threats surface all the time.
As a business owner, you don't have time to monitor everything being published about software flaws. But ignoring warnings can leave your site open to compromise. I want to help ensure your WordPress site stays locked down tight. If you use AMP for WP, update now. For anyone concerned about potential vulnerabilities, we offer website security audits and hardening assistance. Tightening up security doesn’t need to be difficult or expensive. Let's talk about an action plan tailored for your site. With some proactive care, you can help prevent your site from being the next vulnerability statistic.
Security vulnerabilities like this one demonstrate the importance of having WordPress experts regularly monitor, maintain and update your site. At Your WP Guy, we offer ongoing management to handle updates, security monitoring, backups, uptime and support so you can stop worrying and get back to growing your business.
Let us fully audit your site to check for any signs of this vulnerability or other issues. We'll immediately update any out-of-date plugins and harden your site's security. Chat with us anytime during business hours, schedule a call or call 678-995-5169 to lock down your online presence.