Question 1

What is the AMP for WP vulnerability?

Accepted Answer

What is the AMP for WP vulnerability?

The vulnerability, tracked as CVE-2023-6782, affects versions of the AMP for WP plugin up to and including 1.0.92. It allows authenticated users with contributor access or higher to inject malicious scripts into pages that include the plugin's shortcodes. When visitors view affected pages, the scripts execute, enabling serious attacks like site takeovers or data theft.

Question 2

How can this vulnerability be exploited?

Accepted Answer

How can this vulnerability be exploited?

Attackers would first need a way to gain contributor access to the vulnerable WordPress site. This could happen through compromised admin credentials or weak passwords. Once they can access the admin dashboard, they can add pages/posts with shortcodes and inject malicious scripts into parameters. They save the page and the scripts get stored. Now when users visit those pages, the scripts execute.

Question 3

What damage can be done through this vulnerability?

Accepted Answer

What damage can be done through this vulnerability?

Full site takeovers are possible. Attackers can gain admin access, steal user data, install backdoors, conduct phishing attacks, deface sites, redirect visitors to malicious pages, and more. Essentially, they gain a foothold to then conduct any other attack they want by compromising the site.

Question 4

What WordPress sites are affected?

Accepted Answer

What WordPress sites are affected?

Any site running the AMP for WP plugin at affected versions, up to and including 1.0.92, is vulnerable. This is a popular plugin with over 17 million downloads, so a widespread issue. If you have not updated recently, check your site's plugin versions immediately.

Question 5

Is there a patch available?

Accepted Answer

Is there a patch available?

Yes, the plugin developers have issued a patched version 1.0.92.1 that resolves the vulnerability. All users should manually update to this latest version or enable automatic background updates if supported by your WordPress hosting provider.

Question 6

Should I switch AMP plugins entirely?

Accepted Answer

Should I switch AMP plugins entirely?

The updated AMP for WP plugin is safe if you patch to 1.0.92.1 or higher. However, given the repeated vulnerabilities associated with this plugin, switching to an alternate AMP solution like Better AMP could provide more peace of mind regarding security.

Question 7

How do I know if my specific site was compromised?

Accepted Answer

How do I know if my specific site was compromised?

Carefully check pages and posts with shortcodes for any unexpected or unfamiliar scripts, iframes, or code snippets. Also scan files for anything suspicious. Check when users were last active and whether any new unrecognized admin accounts exist. Unfortunately, complex attacks can be difficult to detect, so consider a managed website security provider to monitor for threats.

Question 8

Why do these vulnerabilities happen so often?

Accepted Answer

Why do these vulnerabilities happen so often?

The rapid pace of software development can make it difficult to identify all possible vulnerabilities in advance. Hackers constantly probe apps for undiscovered flaws. Additionally, the complex integrations between various plugins, themes, and WordPress itself multiply the potential attack surface. More popular software simply gets probed more.

Question 9

How can I better stay on top of future vulnerabilities?

Accepted Answer

How can I better stay on top of future vulnerabilities?

Subscribe to plugin developer mailing lists or security advisory services to receive notifications when new issues emerge. Schedule monthly plugin reviews and always update to latest versions. Consider managed WordPress security services that monitor 24/7 and automatically patch vulnerabilities. For busy site owners, outsourcing oversight is wise.

Question 10

What can software developers do to avoid these issues?

Accepted Answer

What can software developers do to avoid these issues?

Integrating security reviews into the development process helps. Rigorous testing by ethical hackers who probe intentionally for flaws can reveal weaknesses missed otherwise. Following secure coding best practices through the entire lifecycle also reduces chances of vulnerabilities. But due to complexity, some bugs inevitably slip through which is why ongoing monitoring and quick patching is essential.

CVE-2023-6782

AMP for WP Vulnerability – Authenticated (Contributor+) Cross-Site Scripting via Shortcode – CVE-2023-6782 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy