CVE-2023-6782
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 11,872 live websites that are affected by CVE-2023-6782.
Affected Software
| Product |  AMP for WP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,872 live websites (26.17% of AMP for WP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 230 versions ( 93.50% of all versions) |
Details
- Published - Jan 11, 2024
- Updated - Aug 2, 2024
Credits
- Ngô Thiên An (finder)
CVE References
CVE-2023-6782 usage by Country
 United States | 5,793 websites |
 Germany | 1,674 websites |
 Russia | 768 websites |
 France | 623 websites |
 Japan | 384 websites |
 Spain | 193 websites |
 GB | 179 websites |
 Vietnam | 162 websites |
 Brazil | 153 websites |
 Italy | 153 websites |
CVE-2023-6782 usage by TLD
| .com | 5,888 websites |
| .ru | 955 websites |
| .net | 563 websites |
| .org | 457 websites |
| .com.br | 239 websites |
| .info | 213 websites |
| .fr | 183 websites |
| .it | 165 websites |
| .de | 139 websites |
| .pl | 108 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-6782
Top websites that are affected by CVE-2023-6782. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.de | Germany | **,*** | |
| **********.ir |  Iran | **,*** | |
| ***.********.com | United States | **,*** | |
| *******.de | France | **,*** | |
| ******.***.br | United States | **,*** | |
| **********.***.pk |  Pakistan | **,*** | |
| *****************.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| **********.fr | France | **,*** | |
| ********.com | United States | **,*** |
FAQ
A total of 11,872 websites have been identified as vulnerable to CVE-2023-6782, discovered through global website indexing conducted by WebTechSurvey.
AMP for WP is susceptible to CVE-2023-6782 vulnerability.
AMP for WP versions before, and including, 1.0.92 are vulnerable to CVE-2023-6782.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=cve
- https://plugins.svn.wordpress.org/accelerated-mobile-pages/trunk/templates/features.php
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010797%40accelerated-mobile-pages%2Ftrunk&old=2998126%40accelerated-mobile-pages%2Ftrunk&sfp_email=&sfph_mail=