HIGH
mohammed_kaludi
CVE published 2026-07-07
CVE-2026-6101
The CVE-2026-6101 vulnerability is an Arbitrary File Write issue in the AMP for WP – Accelerated Mobile Pages plugin for WordPress. This vulnerability exists due to unsafe ZIP file extraction in the ampforwp_save_local_font() function, combined with inadequate cleanup that fails to remove nested directories and files. Authenticated attackers with Author-level access and above, and permissions granted by a [truncated]