AMP WP – Google AMP For WP Security & Risk Analysis

wordpress.org/plugins/amp-wp

Automagically add Google AMP functionality to your site. Tons of Premium Features for FREE. Show/Hide Post Types, Categories, and Tags.

800 active installs · v1.5.18 · PHP 7.4+ · WP 4.9.26+ · Updated Jan 28, 2026
Tags: accelerated-mobile-pages, amp, amp-for-wordpress, amp-for-wp, mobile-theme

  • Score: 100 (A · Safe)
  • CVEs total: 1
  • Unpatched: 0
  • Last CVE: Oct 13, 2023

Safety Verdict

Is AMP WP – Google AMP For WP Safe to Use in 2026?

Generally Safe

Score 100/100

AMP WP – Google AMP For WP has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 13, 2023 · Updated 2mo ago

Risk Assessment

The "amp-wp" plugin v1.5.18 presents a mixed security posture. While it demonstrates good practices in its handling of SQL queries and output escaping, with high percentages of prepared statements and properly escaped outputs, significant concerns arise from its attack surface. The presence of two AJAX handlers without authentication checks represents a considerable risk, potentially allowing unauthorized actions if these handlers can be triggered by unauthenticated users. The taint analysis, while limited, did identify one flow with unsanitized paths, though thankfully without critical or high severity implications in this scan.

The vulnerability history shows one past medium-severity CVE, identified as CSRF. The fact that this vulnerability is currently patched is a positive sign, but the historical presence of CSRF suggests a need for ongoing vigilance regarding input validation and CSRF protection mechanisms, especially given the unprotected AJAX endpoints.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 1 flow with unsanitized paths
  • 1 past medium severity CVE (CSRF)

Vulnerabilities: 1

AMP WP – Google AMP For WP Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE

Severity Breakdown

  • Medium: 1

1 total CVE

CVE-2023-45831 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

AMP WP <= 1.5.15 - Cross-Site Request Forgery via multiple settings pages

Oct 13, 2023 · Patched in 1.5.16 (218d)

Code Analysis (analyzed Mar 16, 2026)

AMP WP – Google AMP For WP Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (4 prepared)
  • Unescaped Output: 143 (598 escaped)
  • Nonce Checks: 10
  • Capability Checks: 2
  • File Operations: 2
  • External Requests: 11
  • Bundled Libraries: 2

Bundled Libraries

Select2, jQuery

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

81% escaped · 741 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-amp-wp-public> (public\class-amp-wp-public.php:0)

Attack Surface: 2 unprotected

AMP WP – Google AMP For WP Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

  • auth · wp_ajax_amp_consent_submission · includes\functions\amp-wp-template-functions.php:1168
  • nopriv · wp_ajax_amp_consent_submission · includes\functions\amp-wp-template-functions.php:1169

WordPress Hooks: 204
Maintenance & Trust

AMP WP – Google AMP For WP Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 28, 2026
  • PHP min version: 7.4
  • Downloads: 76K

Community Trust

  • Rating: 90/100
  • Number of ratings: 55
  • Active installs: 800
Developer Profile

AMP WP – Google AMP For WP Developer Profile

Pixelative

1 plugin · 800 total installs

  • Trust score: 79
  • Avg Security Score: 100/100
  • Avg Patch Time: 218 days
Detection Fingerprints

How We Detect AMP WP – Google AMP For WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/amp-wp/public/css/amp-html.css
  • /wp-content/plugins/amp-wp/public/css/amp-styles.css
  • /wp-content/plugins/amp-wp/public/css/amp-custom.css
  • /wp-content/plugins/amp-wp/public/js/amp-custom.js
  • /wp-content/plugins/amp-wp/public/js/amp-scripts.js
  • /wp-content/plugins/amp-wp/public/js/amp-share-button.js
  • /wp-content/plugins/amp-wp/public/js/amp-video-player.js
  • /wp-content/plugins/amp-wp/public/js/amp-menu.js
  • +15 more

Script Paths
  • /wp-content/plugins/amp-wp/public/js/amp-custom.js
  • /wp-content/plugins/amp-wp/public/js/amp-scripts.js
  • /wp-content/plugins/amp-wp/public/js/amp-share-button.js
  • /wp-content/plugins/amp-wp/public/js/amp-video-player.js
  • /wp-content/plugins/amp-wp/public/js/amp-menu.js
  • /wp-content/plugins/amp-wp/public/js/amp-magnific-popup.js
  • +14 more

Version Parameters
  • amp-wp/style.css?ver=
  • amp-wp/script.js?ver=
  • amp-wp-admin.css?ver=
  • amp-wp-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
amp-wp-amp-wp-content
HTML Comments
<!-- Generated by AMP -->
Data Attributes
data-amp-custom
JS Globals
amp_wp_obj, amp_wp_settings
REST Endpoints
/wp-json/amp/v1/settings