WordPress Plugin Vulnerabilities

PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Settings Change

Description

The plugin did not have a capability check in its pwaforwp_update_features_options function, and relied on CSRF check, however, the nonce was available to any authenticated user. As a result, any authenticated user (such as a subscriber) could call it and change the plugin's settings

Affects Plugins

Plugin icon
pwa-for-wp
Fixed in 1.7.33

References

CVE
CVE-2021-4366
URL
https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
Yes
WPVDB ID
b38a51d7-375e-4cca-88ba-ccab796ac134

Timeline

Publicly Published
2021-07-01 (about 2 years ago)
Added
2021-07-02 (about 2 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2014-08-01
Title
wp-homepage-slideshow - Arbitrary File Upload
Published
2012-04-03
Title
Another WordPress Classifieds < 2.0 - Unspecified Image Upload
Published
2024-01-16
Title
Product Import Export for WooCommerce < 2.3.8 - Shop Manager+ Arbitrary File Upload via upload_import_file
Published
2024-04-25
Title
XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Upload
Published
2014-08-01
Title
Category Grid View Gallery 0.1.1 - Shell Upload