A vulnerability marked as critical has been reported in mohammed_kaludi AMP for WP Plugin up to 1.1.12. Affected is the function ampforwp_save_local_font of the component ZIP file Handler. This manipulation causes unrestricted upload.

The identification of this vulnerability is CVE-2026-6101. It is possible to initiate the attack remotely. There is no exploit available.