CVE-2024-1043
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.
We have discovered 12,808 live websites that are affected by CVE-2024-1043.
Affected Software
| Product |  AMP for WP |
| Category | Wordpress Plugins |
| Vulnerable Domains | 12,808 live websites (28.23% of AMP for WP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 233 versions ( 94.72% of all versions) |
Details
- Published - Feb 20, 2024
- Updated - Aug 1, 2024
Credits
- Sean Murphy (finder)
CVE References
CVE-2024-1043 usage by Country
 United States | 6,266 websites |
 Germany | 1,732 websites |
 Russia | 808 websites |
 France | 722 websites |
 Japan | 416 websites |
 Spain | 217 websites |
 GB | 196 websites |
 Vietnam | 192 websites |
 Italy | 164 websites |
 Brazil | 163 websites |
CVE-2024-1043 usage by TLD
| .com | 6,379 websites |
| .ru | 994 websites |
| .net | 615 websites |
| .org | 528 websites |
| .com.br | 253 websites |
| .info | 223 websites |
| .fr | 201 websites |
| .it | 194 websites |
| .de | 159 websites |
| .es | 117 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-1043
Top websites that are affected by CVE-2024-1043. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.de | Germany | **,*** | |
| **********.ir |  Iran | **,*** | |
| ***.********.com | United States | **,*** | |
| *******.de | France | **,*** | |
| ******.***.br | United States | **,*** | |
| **********.***.pk |  Pakistan | **,*** | |
| *****************.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| **********.fr | France | **,*** | |
| ********.com | United States | **,*** |
FAQ
A total of 12,808 websites have been identified as vulnerable to CVE-2024-1043, discovered through global website indexing conducted by WebTechSurvey.
AMP for WP is susceptible to CVE-2024-1043 vulnerability.
AMP for WP versions before, and including, 1.0.93.1 are vulnerable to CVE-2024-1043.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve
- https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134
- https://wordpress.org/plugins/accelerated-mobile-pages/
- https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php