AMP for WP Plugin Flaw Exploited to Install Backdoors and Create Admin Accounts

WordPress developer Sybre Waaijer discovered a vulnerability in the AMP for WP WordPress plugin that could allow any registered user who can post comments to escalate privileges and gain administrative access, acquiring the ability to download and read files, upload files, update plugin settings, inject content into posts, etc. The flaw exists because the plugin's administrative functions perform inadequate security checks before acting. Threat actors are currently conducting cross-site scripting (XSS) attacks targeting the flaw to install backdoors and create administrative accounts on vulnerable WordPress sites. The AMP for WP plugin is used to convert WordPress posts into Google's Accelerated Mobile Pages format, allowing pages to load faster in mobile browsers. The NJCCIC recommends users of the AMP for WP plugin review the BleepingComputer article and immediately update to 0.9.97.20 or later.
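The root cause described above, an admin-only action reachable by any logged-in user, is the classic missing-authorization pattern in WordPress AJAX handlers. The following is an added illustration, not code from the AMP for WP plugin; the hook name `demo_save_settings`, the option name and the function names are hypothetical, while the WordPress API calls are real. It shows the weak handler beside the hardened one that checks a nonce and the `manage_options` capability before touching site-wide settings.

```php
<?php
// Hypothetical handler names; the wp_ajax_* hook, current_user_can, check_ajax_referer,
// wp_unslash, sanitize_text_field and update_option are real WordPress functions.

// WEAK: any authenticated user (a subscriber who can comment, for example) reaches this
// endpoint at /wp-admin/admin-ajax.php?action=demo_save_settings and changes plugin options.
function demo_save_settings_weak() {
    update_option( 'demo_plugin_settings', wp_unslash( $_POST['settings'] ) );
    wp_send_json_success();
}

// HARDENED: verify the request was intended (nonce) and the caller is authorized (capability)
// before acting, and sanitize the values so stored markup cannot become a stored XSS payload.
function demo_save_settings_hardened() {
    // Dies with HTTP 403 unless the 'nonce' field carries a nonce created with
    // wp_create_nonce( 'demo_save_settings' ) on the admin page.
    check_ajax_referer( 'demo_save_settings', 'nonce' );

    // Authentication is not authorization: only administrators may change site-wide options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $raw   = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $clean = array();
    foreach ( $raw as $key => $value ) {
        if ( is_scalar( $value ) ) {
            $clean[ sanitize_key( $key ) ] = sanitize_text_field( $value ); // strips tags and control chars
        }
    }
    update_option( 'demo_plugin_settings', $clean );
    wp_send_json_success( $clean );
}

// Register only the hardened handler. Note that wp_ajax_* fires for every logged-in user,
// so the hook itself grants no protection; the checks inside the callback do.
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings_hardened' );
```

Auditing a plugin for this bug class means listing every `wp_ajax_*` (and especially `wp_ajax_nopriv_*`) callback and confirming each one calls both a nonce check and a `current_user_can()` test appropriate to what it does.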

Alert | NJCCIC | Tags: WordPress, XSS