CVE-2025-14468

Name of the Vulnerable Software and Affected Versions AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to and including 1.1.9

Description The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is a result of flawed nonce verification within the amp theme ajaxcomments AJAX handler, which incorrectly rejects valid nonces while accepting missing or invalid ones. This allows attackers to submit comments as authenticated users if they can trick a user into performing an action, such as clicking a malicious link, and the plugin’s template mode is enabled.

Recommendations Update the AMP for WP – Accelerated Mobile Pages plugin to a version newer than 1.1.9.