VYPR
Medium severity6.3NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2021-4366

CVE-2021-4366

Description

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*range: <1.7.33
    • (no CPE)range: <=1.7.32

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.