Back to overview

CVE-2026-6101

HIGH
7.5
CVSS 3.1
Description
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwp_save_local_font() function combined with inadequate cleanup that fails to remove nested directories and files. This makes it possible for authenticated attackers, with Author-level access and above, and permissions granted by an Administrator, to write arbitrary files to the server in a web-accessible location, potentially leading to remote code execution on hosts that execute PHP files in the uploads directory.

Metadata

CVE ID
CVE-2026-6101
State
PUBLISHED
Assigner
Wordfence
Reserved
2026-04-10 23:33 UTC
Published
2026-07-07 13:32 UTC
Last updated
2026-07-07 14:14 UTC
Primary CWE
CWE-73
CWE-73 External Control of File Name or Path
Vendor / Product
mohammed_kaludi / AMP for WP – Accelerated Mobile Pages
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
mohammed_kaludi AMP for WP – Accelerated Mobile Pages 0 ≤ 1.1.12
Weakness (CWE)
CWESourceDescription
CWE-73 cna CWE-73 External Control of File Name or Path
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Back to overview