A popular AMP plugin for WordPress, AMP for WP, has issued a patch addressing a critical security vulnerability.
AMP for WP, which boasts over 100,000 downloads, was temporarily removed from the official WordPress.org plugins section last month.
The plugin has been available there again since last week.
The developer attributed the removal to a security flaw that “could be exploited by non-admins of the site.”
Such a flaw could let non-admin users alter plugin settings to display ads, add custom HTML to the header or footer, or inject JavaScript malware.
It is important to note that this plugin is not the one officially supported by Google, although it still has a considerable user base.
Downloading the Patch
For WordPress users with this plugin, it is advisable to download the patch.
To apply the patch, simply update the plugin from your WordPress dashboard.
If you have automatic updates enabled, your plugin may already be patched. Otherwise, manual updating will be required.