cleantalk
Vulnerabilities and Security Researches

PWA for WP & AMP, CVE-2021-4366

CVE, Research URL

CVE-2021-4366

Home page URL

Security reports for PWA for WP & AMP

Application

PWA for WP & AMP

Published on
Jun 07, 2023
Research Description
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.
Affected versions
max 1.7.33.
Status
vulnerable
Previous vulnerability researches
PWA for WP & AMP (CVE-2024-7759) , May 19, 2025
PWA for WP & AMP (CVE-2024-47318) , Sep 29, 2024
PWA for WP & AMP (2d58fea2639bbd2fa6bd4a9a4dbefba1f662bc7a) , Jun 06, 2024
PWA for WP & AMP (CVE-2021-4366) , Jun 06, 2024
PWA for WP & AMP (CVE-2021-4354) , Jun 06, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025