cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9598,https://securityvulnerability.io/vulnerability/CVE-2024-9598,Vulnerability in AMP for WP Could Allow Unauthenticated Attackers to Steal Cookies,"The AMP for WP – Accelerated Mobile Pages plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within its 'proxy' function. This vulnerability allows unauthenticated attackers to exploit session cookies of logged-in users by tricking them into executing actions, such as clicking malicious links. Successful exploitation can lead to unauthorized access and manipulation of user sessions.",Wordpress,Amp For WP – Accelerated Mobile Pages,8.8,HIGH,0.0005499999970197678,false,,false,false,false,,false,false,2024-10-25T07:37:59.702Z,0
CVE-2024-6896,https://securityvulnerability.io/vulnerability/CVE-2024-6896,Stored Cross-Site Scripting Vulnerability in AMP for WP,"The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.",Wordpress,Amp For WP – Accelerated Mobile Pages,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-07-24T11:00:09.141Z,0
CVE-2024-1043,https://securityvulnerability.io/vulnerability/CVE-2024-1043,Unauthorized Data Loss in AMP for WP Due to Missing Capability Check,"The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.",Wordpress,AMP for WP – Accelerated Mobile Pages,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2024-0587,https://securityvulnerability.io/vulnerability/CVE-2024-0587,Reflected Cross-Site Scripting Vulnerability in AMP for WP Plugin by WordPress,"The AMP for WP – Accelerated Mobile Pages plugin for WordPress is susceptible to reflected cross-site scripting due to inadequate input sanitization and output escaping specifically related to the 'disqus_name' parameter. This vulnerability can allow unauthenticated attackers to inject malicious scripts into web pages. If a user is deceived into clicking a compromised link, it can lead to the execution of arbitrary JavaScript on the site, potentially compromising sensitive information and user sessions.",Wordpress,AMP for WP – Accelerated Mobile Pages,6.1,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2024-01-23T06:46:30.687Z,0
CVE-2023-6782,https://securityvulnerability.io/vulnerability/CVE-2023-6782,Stored Cross-Site Scripting Vulnerability in AMP for WP Plugin by WordPress,"The AMP for WP – Accelerated Mobile Pages plugin is prone to a vulnerability allowing authenticated attackers with contributor-level or higher permissions to exploit insufficient input sanitization and output escaping. By injecting arbitrary web scripts into the plugin's shortcodes, attackers can cause these scripts to execute whenever a user accesses the impacted pages, potentially compromising user data and site integrity.",Wordpress,AMP for WP – Accelerated Mobile Pages,5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-01-11T08:32:55.986Z,0
CVE-2021-23209,https://securityvulnerability.io/vulnerability/CVE-2021-23209,WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities,Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).,Wordpress,Amp For WP – Accelerated Mobile Pages (WordPress Plugin),4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-03-18T18:15:00.000Z,0