The Accelerated Mobile Pages (AMP) plugin for WordPress recently addressed a medium-severity vulnerability. These have more than 100,000 installations. A flaw here provides an open window that could enable attackers to inject malicious scripts.

These scripts would endanger the visitors to the site. This vulnerability was related to the Cross-site Scripting (XSS) commonly seen in many WordPress plugins where the user input is not fully secured.

XSS plugin vulnerabilities arise due to inadequate validation and cleansing of input data. Sanitization works as a shield and prevents unintended input types.

For example, if a plugin enables users to enter text, it should prevent anything unexpected. These include a script or zip file.

WordPress’s XSS avenue through shortcodes—e.g., short codes like [example]. Shortcodes allow users to put in place features or content from a certain plugin into posts/pages.

The users configure plugins in the admin panel. Then, they use short codes to incorporate the desired functionality within a particular content.

 Warnings From Experts 

Patchstack WordPress security company noted that this vulnerability would enable attackers to inject malicious codes. These codes include redirects or advertisements on a web page. These scripts would run when visitors visited the site, which could result in major problems. (Source)The security hole in the AMP WordPress plugin version 1.0.89 has been fixed. This vulnerability has been rated high, and users are strongly advised to update their installations as soon as possible. It is important to frequently update plugins for websites to stay strong against new security threats and attacks.

Also read

• New AI Model Outperforms Google’s Powerful PaLM-2
• Best Tools To Maximize Performance Of Online Education
• Web Workings: The Art And Craft Of Climbing The Digital Ladder.