Attackers Exploit Recently Patched Popular WordPress Plugin

November 23, 2018


Recently patched vulnerabilities in the popular AMP for WP plugin are being targeted in an active Cross-Site Scripting (XSS) campaign, Wordfence reports.

With over 100,000 installs, the plugin adds Accelerated Mobile Pages (Google AMP Project) functionality to websites, which makes them faster for mobile users.

Given its popularity, AMP for WP also represents a lucrative target for cybercriminals, especially if site admins are behind with their patching efforts. To exploit the newly discovered vulnerabilities, an attacker needs a minimum of subscriber-level access on a vulnerable site.

Read More on Security Week