Product
An arbitrary file write vulnerability (CVE-2026-6101) exists in the AMP for WP – Accelerated Mobile Pages plugin for WordPress, affecting versions up to and including 1.1.12. This flaw, caused by unsafe ZIP file extraction and inadequate cleanup, allows authenticated attackers with Author-level access and administrator-granted permissions to write arbitrary files to web-accessible server locations, potentially leading to remote code execution.