CVE-2025-14468
Unknown Unknown - Not Provided
CSRF in AMP for WP Plugin Allows Unauthorized Comment Submission

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: Wordfence

Description
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the amp_theme_ajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts requests with MISSING or INVALID nonces. This makes it possible for unauthenticated attackers to submit comments on behalf of logged-in users via a forged request granted they can trick a user into performing an action such as clicking on a link, and the plugin's template mode is enabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14468
EUVD
EUVD-2026-1291
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
wpbeaverbuilder accelerated_mobile_pages to 1.1.9 (inc)
wpbeaverbuilder accelerated_mobile_pages 1.1.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the AMP for WP plugin for WordPress, specifically in versions up to and including 1.1.9. The problem arises because the plugin's nonce verification logic is inverted in the amp_theme_ajaxcomments AJAX handler. Instead of rejecting requests with invalid or missing nonces, it rejects requests with valid nonces and accepts those with missing or invalid ones. This flaw allows unauthenticated attackers to submit comments on behalf of logged-in users if they can trick the user into performing an action like clicking a malicious link, provided the plugin's template mode is enabled.

Impact Analysis

This vulnerability can allow an attacker to submit comments on behalf of authenticated users without their consent. This could lead to unauthorized content being posted on your WordPress site, potentially damaging your site's reputation, enabling spam, or facilitating further attacks through malicious comments.

Detection Guidance

This vulnerability can be detected by checking if the installed version of the AMP for WP plugin is 1.1.9 or earlier, as these versions contain the flawed nonce verification logic. Additionally, monitoring AJAX requests to the amp_theme_ajaxcomments handler for comment submissions that accept requests with missing or invalid nonces could indicate exploitation attempts. Specific commands are not provided in the resources, but inspecting the plugin version via WordPress CLI (e.g., `wp plugin list`) and reviewing AJAX request logs for suspicious comment submissions could help detect the issue. [1, 2]

Mitigation Strategies

The immediate mitigation step is to update the AMP for WP plugin to version 1.1.10 or later, where the nonce verification logic has been corrected to properly reject invalid or missing nonces, thus preventing CSRF attacks. Until the update is applied, consider disabling the plugin's template mode or restricting access to comment submission endpoints to trusted users only. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart