CVE-2025-14468 – AMP for WP – Accelerated Mobile Pages CSRF Vulnerability

CVE ID : CVE-2025-14468

Published : Jan. 7, 2026, 6:28 a.m. | 1 hour, 58 minutes ago

Description : The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the amp_theme_ajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts requests with MISSING or INVALID nonces. This makes it possible for unauthenticated attackers to submit comments on behalf of logged-in users via a forged request granted they can trick a user into performing an action such as clicking on a link, and the plugin’s template mode is enabled.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-14468 – AMP for WP – Accelerated Mobile Pages CSRF Vulnerability

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-21873 – Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages`

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2025-15224 – libssh key passphrase bypass without agent set

CVE-2025-15079 – libssh global known_hosts override

CVE-2025-14819 – OpenSSL partial chain store policy bypass

CVE-2025-14524 – bearer token leak on cross-protocol redirect