CVE-2024-11254 MEDIUM

CVE-2024-11254: AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting

Vendor Mohammed_Kaludi
Product AMP for WP – Accelerated Mobile Pages
Weakness CWE-79 · XSS
Published December 18, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Key dates

02Disclosure timeline

December 18, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-26544 WordPressUTM tags + Landing page plugin <= 1.4 - CSRF to Stored XSS vulnerability CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php CVE-2020-5272 Reflected XSS on Search page of PrestaShop CVE-2023-1485 SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting CVE-2023-2119 Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting