magazine3 CVE Vulnerabilities & Metrics

Focus on magazine3 vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About magazine3 Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with magazine3. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total magazine3 CVEs: 10
Earliest CVE date: 13 May 2019, 05:29 UTC
Latest CVE date: 01 Nov 2024, 15:15 UTC

Latest CVE reference: CVE-2024-47318

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -71.43%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -71.43%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical magazine3 CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.35

Max CVSS: 3.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	10
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS magazine3 CVEs

These are the five CVEs with the highest CVSS scores for magazine3, sorted by severity first and recency.

CVE-2018-20838 magazine3 Published on 13 May 2019, 05:29 UTC (CVSS: 3.5)
ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
CVE-2024-47318 magazine3 Published on 01 Nov 2024, 15:15 UTC (CVSS: 0)
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72.
CVE-2024-5582 magazine3 Published on 17 Jul 2024, 08:15 UTC (CVSS: 0)
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to i...
CVE-2024-1586 magazine3 Published on 29 Feb 2024, 01:43 UTC (CVSS: 0)
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default ...
CVE-2024-22146 magazine3 Published on 31 Jan 2024, 19:15 UTC (CVSS: 0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.

All CVEs for magazine3

CVE-2024-47318 magazine3 vulnerability CVSS: 0 01 Nov 2024, 15:15 UTC

Missing Authorization vulnerability in Magazine3 PWA for WP & AMP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PWA for WP & AMP: from n/a through 1.7.72.

CVE-2024-5582 magazine3 vulnerability CVSS: 0 17 Jul 2024, 08:15 UTC

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'url' attribute within the Q&A Block widget in all versions up to, and including, 1.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2024-1586 magazine3 vulnerability CVSS: 0 29 Feb 2024, 01:43 UTC

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.

CVE-2024-22146 magazine3 vulnerability CVSS: 0 31 Jan 2024, 19:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.

CVE-2023-6782 magazine3 vulnerability CVSS: 0 11 Jan 2024, 09:15 UTC

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-35883 magazine3 vulnerability CVSS: 0 19 Dec 2023, 21:15 UTC

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12.

CVE-2023-48321 magazine3 vulnerability CVSS: 0 30 Nov 2023, 17:15 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmed Kaludi, Mohammed Kaludi AMP for WP – Accelerated Mobile Pages allows Stored XSS.This issue affects AMP for WP – Accelerated Mobile Pages: from n/a through 1.0.88.1.

CVE-2021-4366 magazine3 vulnerability CVSS: 0 07 Jun 2023, 02:15 UTC

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.

CVE-2021-4354 magazine3 vulnerability CVSS: 0 07 Jun 2023, 02:15 UTC

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVE-2018-20838 magazine3 vulnerability CVSS: 3.5 13 May 2019, 05:29 UTC

ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.