The Accelerated Mobile Pages (AMP) plugin for WordPress recently addressed a medium-severity vulnerability. The plugin has more than 100,000 installations. The flaw could enable attackers to inject malicious scripts.

These scripts would endanger visitors to the site. The vulnerability is a Cross-site Scripting (XSS) issue of the kind commonly seen in WordPress plugins where user input is not fully sanitized.

XSS plugin vulnerabilities arise due to inadequate validation and cleansing of input data. Sanitization works as a shield and prevents unintended input types.

For example, if a plugin lets users enter text, it should reject anything unexpected, such as a script or zip file.

In WordPress, one avenue for XSS is shortcodes, such as [example]. Shortcodes let users place features or content from a particular plugin into posts and pages.

Users configure plugins in the admin panel, then use shortcodes to add the desired functionality to a particular piece of content.
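The following added example is not code from the AMP plugin or from the original article. It shows a hypothetical `[example_banner]` shortcode whose handler echoes attributes unescaped, next to a hardened handler that validates and escapes each attribute. The shortcode name, attribute names, and function names are assumptions, and the file is assumed to load as a WordPress plugin.

```php
<?php
/**
 * Plugin Name: Example Banner Shortcode (constructed example)
 * Usage: [example_banner url="https://example.com" label="Read more" align="left"]
 */

// BEFORE: attribute values go straight into the markup. Anyone who can
// save a post controls $atts, so the rendered page can carry
// attacker-chosen HTML or script to every visitor.
function example_banner_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'url' => '', 'label' => '', 'align' => 'left' ),
        $atts,
        'example_banner'
    );
    return '<a class="banner ' . $atts['align'] . '" href="' . $atts['url'] . '">'
        . $atts['label'] . '</a>';
}

// AFTER: validate each attribute against what it is allowed to be, then
// escape it for the HTML context it lands in.
function example_banner_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'url' => '', 'label' => '', 'align' => 'left' ),
        $atts,
        'example_banner'
    );

    // Allow-list: align may only be one of three known values.
    $allowed = array( 'left', 'center', 'right' );
    $align   = in_array( $atts['align'], $allowed, true ) ? $atts['align'] : 'left';

    // esc_url() returns '' for schemes outside the allowed list.
    $url = esc_url( $atts['url'], array( 'http', 'https' ) );
    if ( '' === $url ) {
        return ''; // Nothing safe to link to: render nothing.
    }

    return sprintf(
        '<a class="%s" href="%s">%s</a>',
        esc_attr( 'banner ' . $align ), // attribute context
        $url,                           // URL context, already escaped
        esc_html( $atts['label'] )      // text-node context
    );
}

// Register only the hardened handler.
add_shortcode( 'example_banner', 'example_banner_safe' );
```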

Warnings From Experts

Patchstack, a WordPress security company, noted that this vulnerability would enable attackers to inject malicious code, such as redirects or advertisements, into a web page. These scripts would run when visitors loaded the site, which could result in major problems. (Source)

The security hole in the AMP WordPress plugin version 1.0.89 has been fixed. This vulnerability has been rated high, and users are strongly advised to update their installations as soon as possible. It is important to update website plugins frequently to stay protected against new security threats and attacks.

Debamalya Mukherjee

Debamalya is a professional content writer from Kolkata, India. Constantly improving himself in this industry for more than four years, he has amassed immense knowledge regarding his niches of writing tech and gaming articles. He loves spending time with his cats, along with playing every new PC action game as soon as possible.
