A vulnerability in the very popular AMP for WP WordPress plugin, which has 100,000 active installations, allows any registered user to escalate their privileges and gain administrative access to the site.

AMP for WP is a plugin that converts WordPress posts into Google’s Accelerated Mobile Pages format, which allows pages to load faster in mobile browsers. Due to its ease of use and possible search engine ranking benefits, many WordPress owners use this plugin to deliver AMP pages to their visitors.

On October 20th, WordPress plugin developer Sybre Waaijer discovered vulnerabilities in the AMP for WP plugin related to how the plugin checked whether a user was allowed to perform a variety of administrative actions. According to Waaijer, any registered user of a site running the plugin could perform these actions, which include downloading and reading files, uploading files, updating plugin settings, injecting content into posts, and more.

“Aside from a few exceptions, there were no security checks at all in the implemented code,” Waaijer told BleepingComputer.

This meant that any user who simply registered at the site to post comments would be able to utilize this vulnerability to perform unauthorized administrative activity.
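The flaw described above is a missing authorization check: a request handler that treats "logged in" as "allowed". The following is an added illustration in PHP, not code from AMP for WP; the plugin name, option name, hook name and nonce action are hypothetical. It shows a WordPress admin-ajax settings handler with no capability check next to a hardened version.

```php
<?php
// Hypothetical plugin settings handler; this is NOT AMP for WP's code.
// "wp_ajax_*" hooks fire for ANY logged-in user, so a comment-only
// subscriber account reaches these handlers just like an administrator.

// VULNERABLE: the only gate is "is logged in". Any registered user can
// overwrite the plugin's options. Shown for contrast; do not register it.
function demo_plugin_save_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'demo_plugin_settings', $settings ); // hypothetical option
    wp_send_json_success( 'saved' );
}

// HARDENED: require a capability only administrators hold, verify a nonce
// so the request cannot be forged cross-site, and sanitize before storing.
function demo_plugin_save_settings_hardened() {
    // Nonce check: on failure WordPress ends the request with a 403.
    check_ajax_referer( 'demo_plugin_save_settings', 'nonce' );

    // Capability check: 'manage_options' is granted to administrators only
    // on a default single-site install; subscribers, authors and editors lack it.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // Sanitize a flat key/value settings array before persisting it.
    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array_map( 'sanitize_text_field', $raw );
    update_option( 'demo_plugin_settings', $settings );
    wp_send_json_success( 'saved' );
}
add_action( 'wp_ajax_demo_plugin_save_settings', 'demo_plugin_save_settings_hardened' );
```

Auditing a plugin for this class of bug means reading every `wp_ajax_*`, REST route and admin-page callback and confirming each one calls `current_user_can()` with a capability that matches the sensitivity of the action, since `is_user_logged_in()` alone proves nothing about privilege.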
