Friday, February 23, 2024

WordPress plugin vulnerability impacts over 100,000 sites

A popular WordPress plugin, Accelerated Mobile Pages, used by over 100,000 websites, recently addressed a medium-severity security flaw. This vulnerability could have let attackers inject harmful scripts, impacting visitors.

Understanding the vulnerability

Cross-site scripting (XSS) is a common security issue, particularly in WordPress. It arises when a plugin's data input isn't adequately secured, allowing unauthorised data like scripts or zip files to be inserted. In the case of the Accelerated Mobile Pages plugin, this issue stemmed from how the plugin handled shortcodes.

Shortcodes in WordPress let users easily integrate plugin functionalities within posts and pages. However, if these shortcodes are not properly secured, they can become a gateway for attackers to inject malicious scripts.

The specifics of the flaw

Wordfence, a security firm, detailed the nature of the vulnerability in the Accelerated Mobile Pages plugin. The flaw was present in all versions up to 1.0.88.1 due to inadequate sanitisation of user inputs in the plugin's shortcodes. This inadequacy allowed attackers with at least contributor-level access to exploit the vulnerability.

Patchstack, another security company, rated this vulnerability as medium severity, with a score of 6.5 out of 10. They recommended that users update the plugin to version 1.0.89 or later to mitigate the risk.
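
The class of flaw described above, as an added example that is not the Accelerated Mobile Pages plugin's code: the `demo_notice` shortcode, its attribute names and both handler functions are hypothetical. It contrasts a handler that writes attribute values into the page unescaped with one that escapes each value for the context it lands in.

```php
<?php
/**
 * Plugin Name: Shortcode Escaping Demo (hypothetical example)
 */
defined( 'ABSPATH' ) || exit;

// Weak pattern, shown for comparison only and never registered:
// attribute values typed by the post author reach the page unescaped.
function demo_notice_weak( $atts, $content = '' ) {
    return '<a class="' . $atts['class'] . '" href="' . $atts['url'] . '">'
        . $atts['label'] . '</a>' . $content;
}

// Hardened pattern: allow-list the attributes, then escape each value
// for the exact output context it is written into.
function demo_notice_safe( $atts, $content = '' ) {
    // Unknown attributes are dropped; missing ones get safe defaults.
    $atts = shortcode_atts(
        array(
            'class' => 'notice',
            'url'   => '',
            'label' => 'Read more',
        ),
        $atts,
        'demo_notice'
    );

    // esc_url() returns '' for schemes outside the allowed protocol list.
    $url = esc_url( $atts['url'] );
    if ( '' === $url ) {
        return wp_kses_post( $content ); // no usable link: emit body only
    }

    return sprintf(
        '<a class="%s" href="%s">%s</a>%s',
        esc_attr( sanitize_html_class( $atts['class'], 'notice' ) ),
        $url,
        esc_html( $atts['label'] ),
        wp_kses_post( $content ) // enclosed content limited to post-safe HTML
    );
}

// Only the hardened handler is wired to the shortcode tag.
add_shortcode( 'demo_notice', 'demo_notice_safe' );
```

The handler's return value is emitted into the rendered post as-is, so the escaping has to happen inside the handler regardless of which role authored the post.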

Protecting your site

For website administrators using this plugin, ensuring that the latest update is installed is crucial. Regularly updating plugins is critical to maintaining website security and protecting against such vulnerabilities.

Read the full Patchstack report on the vulnerability here:

WordPress Accelerated Mobile Pages Plugin <= 1.0.88.1 is vulnerable to Cross Site Scripting (XSS)

Also, find the detailed announcement by Wordfence here:

Accelerated Mobile Pages <= 1.0.88.1 – Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode


Nurin Sofia
Nurin Sofia is a news editor at Tech Edition. Her interest is in technology and startups, occasionally crunching news for gaming. Sofia enjoys playing video games, going on bike rides, and gardening when she isn't behind a keyboard.
