← Back

Pwa For Wp & Amp

pwa_for_wp_&_amp

Vendor: Magazine3 • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-7759
1Magazine3
1Pwa For Wp & Amp
Jun 11, 2025
May 15, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more
The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-47318
1Magazine3
1Pwa For Wp & Amp
Apr 23, 2026
Nov 1, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Missing Authorization vulnerability in Magazine3 PWA for WP & AMP pwa-for-wp.This issue affects PWA for WP & AMP: from n/a through <= 1.7.72.
CVE-2021-4366
1Magazine3
1Pwa For Wp & Amp
Apr 8, 2026
Jun 7, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it...Show more
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.Show less
CVE-2021-4354
1Magazine3
1Pwa For Wp & Amp
Apr 8, 2026
Jun 7, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possib...Show more
The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.Show less