Update now! Dangerous AMP for WordPress plugin fixed

If you’re one of the 100,000+ users of AMP for WP, good news – the popular plugin for implementing Accelerated Mobile Pages returned to WordPress.org last week.

AMP is a Google technology through which users of publishing partners such as WordPress can create pages that will load faster on mobile devices. Doing that requires a plugin, which is where AMP for WP comes in.

The plugin’s hiatus, which began when it abruptly disappeared on 21 October, was starting to look a little unusual.

According to a note from the developer, the reason for the disappearance was an ominous-sounding security flaw that “could be exploited by non-admins of the site.”

It also said that existing users could continue using the plugin in the meantime, which wouldn’t have sounded terribly reassuring to anyone using it in its vulnerable state as the days turned into weeks.

We’ve got a report from the WordPress that they found a security Vulnerability in our plugin which could be exploited by non-admins of the site, so to prevent the exploitation they temporary withdraw our plugin for further download. But the existing user’s will be able to use the plugin like always.

The day after AMP for WP reappeared on WordPress.org on 14 November, WebARX, the company that discovered the security problems, finally explained the weakness.

Read the full story here.