Get Started for Free
  1. SEJ
  2.  » 
  3. News

Popular AMP for WP Plugin Patches Critical Security Flaw

Popular AMP for WP Plugin Patches Critical Security Flaw

A top AMP plugin for WordPress, AMP for WP, has released a patch for a critical security vulnerability.

AMP for WP, which currently has 100,000+ downloads, was pulled from the official plugins section last month.

It has since reappeared as of last week.

The developer says the reason it was pulled was due to a security flow that “could be exploited by non-admins of the site.”

That type of flaw means non-admins could manipulate the plugin settings to place ads, add custom HTML in header or footer, or insert javascript malware.

Please note that this does not refer to the official Google-supported plugin, but it does have a significant number of users.

Continue Reading Below

Downloading the Patch

If you’re one of the many WordPress users with this plugin installed it’s recommended that you download the patch.

Applying the patch is as simple as updating the plugin from your WordPress dashboard.

If you have automatic updates turned on then your plugin may already by patched. Otherwise you will have to update the plugin manually.


Subscribe to SEJ

Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!

Topic(s) of Interest*
By clicking the "SUBSCRIBE" button, I agree and accept the content agreement and privacy policy of Search Engine Journal.

Matt Southern

Lead News Writer at Search Engine Journal

Matt Southern has been the lead news writer at Search Engine Journal since 2013. With a degree in communications, Matt ... [Read full bio]

Read the Next Article
Read the Next