The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 07 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 14:00:00 +0000
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-07T14:14:00.335Z
Reserved: 2026-04-10T23:33:50.597Z
Link: CVE-2026-6101
Updated: 2026-07-07T14:13:51.163Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses