WordPress Plugin Vulnerabilities

PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Arbitrary File Upload

Description

The plugin did not have a capability check in its pwaforwp_splashscreen_uploader function, and relied on CSRF check, however, the nonce was available to any authenticated user. As a result, any authenticated user (such as a subscriber) could call it and upload a malicious zip file containing a shell.

Affects Plugins

Plugin icon
pwa-for-wp
Fixed in 1.7.33

References

CVE
CVE-2021-4354
URL
https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet)
Verified
Yes
WPVDB ID
db9d5a08-a16a-4767-8d85-1b3e02dbbfbd

Timeline

Publicly Published
2021-07-01 (about 4 years ago)
Added
2021-07-02 (about 4 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2023-11-27
Title
Mollie Payments for WooCommerce < 7.3.12 - Authenticated (Shop Manager+) Arbitrary File Upload
Published
2025-04-18
Title
AIHub < 1.3.8 - Unauthenticated Arbitrary File Upload in generate_image
Published
2014-08-01
Title
Shotzz - Custom Background Shell Upload
Published
2025-04-03
Title
Woffice Core < 5.4.22 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2023-12-12
Title
Export and Import Users and Customers < 2.4.9 - Shop Manager+ Arbitrary File Upload