cleantalk
Vulnerabilities and Security Researches

PWA for WP & AMP, CVE-2021-4366

CVE, Research URL

CVE-2021-4366

Home page URL

Security reports for PWA for WP & AMP

Application

PWA for WP & AMP

Published on
Jun 07, 2023
Research Description
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.
Affected versions
Min -, max 1.7.33.
Status
vulnerable
Previous vulnerability researches
PWA for WP & AMP (CVE-2024-7759) , May 19, 2025
PWA for WP & AMP (CVE-2024-47318) , Sep 29, 2024
PWA for WP & AMP (2d58fea2639bbd2fa6bd4a9a4dbefba1f662bc7a) , Jun 06, 2024
PWA for WP & AMP (CVE-2021-4366) , Jun 06, 2024
PWA for WP & AMP (CVE-2021-4354) , Jun 06, 2024
New vulnerability
Formality (CVE-2025-3858) , May 20, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-9227) , May 19, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2024-9450) , May 19, 2025
PWA for WP & AMP (CVE-2024-7759) , May 19, 2025
Badgearoo (CVE-2025-1033) , May 19, 2025