CVE-2018-20838 (amp_for_wp)

ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS.
Source: NIST
CVE-2018-20838 (amp_for_wp)