GCVE - cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Magazine3 (`7e4cb157-d360-562d-a694-e813be0c8ddb`)
Product	Pwa For Wp & Amp (`9ce16dfc-a5af-5aae-9e31-e0eb67542a6d`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-7759`	vulnerable	2026-06-08 06:58:23.383810	PWA For WP & AMP < 1.7.72 Administrator+ Stored XSS The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Published: 2025-05-15T20:07:11.389Z Updated: 2025-05-17T03:35:35.915Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/6e495b39-f9ef-45dd-b839-65c71a082f2b/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-47318`	vulnerable	2026-06-08 06:48:11.764182	WordPress PWA for WP & AMP plugin <= 1.7.72 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in Magazine3 PWA for WP & AMP pwa-for-wp.This issue affects PWA for WP & AMP: from n/a through <= 1.7.72. Published: 2024-11-01T14:17:05.493Z Updated: 2026-04-28T16:10:18.809Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/pwa-for-wp/vulnerability/wordpress-pwa-for-wp-amp-plugin-1-7-72-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-4366`	vulnerable	2026-06-08 05:38:09.280894	PWA for WP & AMP < = 1.7.32 - Missing Authorization MEDIUM (6.3) The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin. Published: 2023-06-07T01:51:36.574Z Updated: 2026-04-08T17:14:08.540Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=cve https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ https://wpscan.com/vulnerability/b38a51d7-375e-4cca-88ba-ccab796ac134	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-4354`	vulnerable	2026-06-08 05:38:09.257533	PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload HIGH (8.8) The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. Published: 2023-06-07T01:51:22.946Z Updated: 2026-04-08T16:56:37.392Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Pwa For Wp & Amp

PURL mappings

Vulnerability references

Contribute