Vulnerability

@makol I have archived your duplicate topic.

@jdembowski this problem is very acute, in case of mass attacks on sites, you will be written complaints

Sorry, what?

You created a new topic for the same thing and used abusive language. You dialed that abusive language up in a harassing review. And now you are threatening a volunteer forum moderator with “you will be written complaints”?

*Drinks coffee*

This is your warning: Your account is flagged for moderation and if you continue your abuse on this site then you will be banned if you cannot remain civil.

Everyone here, including yourself, is a volunteer including the plugin developers, support folk and moderators. Please take that into account the next time you consider insulting others.

Can you please show us how to create this?

More info on this would help us fix this faster.

Links with /?amp=1&s= and /xmlrpc.php work after removing the plugin, this creates a lot of problems

I understand but I’m still not able to understand to a point where I can recreate the issue in order to fix it.

Can you help me recreate it?

@ahmedkaludi
Hello.
Your plugin opens the door for brute force attacks – with password brute force, I solved the problem myself, and you need to improve your plugin because it is a security risk.

Have a good time

Can you help me see where it is open for brute force?

So I can fix it and improve the plugin further?

Hi, yea sure, look this post

https://github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit

After removing the AMP plugin, the link yoursite.com/xmlrpc.php works and redirects to the AMP page

Read more here
https://www.hackers-arise.com/post/2017/08/30/web-app-hacking-part-5-exploiting-xmlrpc-for-bruteforcing-wordpress-sites

You need to improve the procedure for removing the plugin so that it does not leave garbage behind, the plugin helped me
Plugins Garbage Collector (Database Cleanup) Old!

Cybercriminals are getting more experienced every day, so I wish you good luck with your plugin

Thanks for sharing the valuable info. For this we have raised the GitHub ticket in our repository. We will resolve this in our upcoming updates. For reference I’m sharing with you the reference link to track the updates.

Reference ticket: https://github.com/ahmedkaludi/accelerated-mobile-pages/issues/5275

We have checked the xmlrpc.php issue please check the attached screenshot

1) Without the AMP plugin https://monosnap.com/file/ogi6bpzew9JWGwytuaarTm4lMzzUBb
2) Without the AMP plugin Mobile media https://monosnap.com/file/vpINF13fbBvG7kodhy51ltEEohL8sd
3) With the AMP plugin https://monosnap.com/file/SKqy3obUuGVtCm0W04yDHm7NT4FQva
4) With the AMP plugin Mobile media https://monosnap.com/file/F0mu18ckoLn1XtWGPR0GE7NIGyPq5O

Please check it once and let us know back.

Hello. if after removing the plugin there is no problem, then this is good, I will no longer test on my site.
Have a good week.
Best regards.