Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

November 16, 2018

By Bradley Barth

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page.

In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the "MP for WP – Accelerated Mobile Pages" plug-in. The software's developers patched the issue two weeks ago in its latest release, version 0.9.97.20.

Blog author and WebARX researcher Luka Šikić explains that the flaw is "located in the ampforwp_save_steps_data which is called to save settings during the installation wizard. It’s been registered as wp_ajax_ampforwp_save_installer
ajax hook." The problem is, the plug-in allows every registered user, irrespective of account role, to call Ajax hooks.

There is no validation process to ensure that only high-privileged admins have this ability, which allows them to place ads or add custom HTML in pages' headers or footers. The new version fixes this oversight. But websites running unpatched version of the plug-ins are in danger of having low-privilege users inject malicious HTML such as unwanted ads, mining scripts and other malware, Šikić warns.

Just this week, it was reported that the WP GDPR Compliance WordPress plug-in was patched on Nov. 7 after a critical privilege escalation vulnerability was discovered in its wp-admin/admin-ajax.php functionality. Both this plug-in and MP for WP – Accelerated Mobile Pages have over 100,000 active installations apiece.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Cloud representing advanced ai-powered security solutions integrated with modern circuit technology for cyber protection.

Cloud Security

How CIS Hardened Images secure systems and reduce costs

SC StaffMay 1, 2025

CIS Hardened Images are virtual machine images hardened with the globally recognized secure configuration recommendations of the CIS Benchmarks.

Keeping modern customer support tools secure

Identity

Killing CAPTCHA: Blueprint for a more secure and frictionless future

Paul WagenseilMarch 24, 2025

The old CAPTCHA method of verifying human website visitors is clunky, inefficient and annoying. Here's how websites can smoothly and seamlessly establish user humanity.

Encryption

Hidden flaws exist in millions of RSA digital certificates

Paul WagenseilMarch 13, 2025

Keyfactor research finds that about 18% of RSA-based digital certificates have flaws ranging from trivial to very serious. A new tool promises to find them.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news