CVE-2021-4366
- Reference to the description:
- Description:
- The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings within the plugin.
- Last updated date:
- 06/14/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/14/2023
- Reference url to background
https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/