VYPR

Pwa For Wp \& Amp

by Magazine3

CVEs (3)

  • CVE-2021-4354HigJun 7, 2023
    risk 0.58cvss 8.8epss 0.02

    The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on…

  • CVE-2021-4366MedJun 7, 2023
    risk 0.41cvss 6.3epss 0.01

    The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the…

  • CVE-2024-47318MedNov 1, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Magazine3 PWA for WP & AMP pwa-for-wp.This issue affects PWA for WP & AMP: from n/a through <= 1.7.72.