CVE-2021-4354

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Configurations

Configuration 1 (hide)

cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:37

Type Values Removed Values Added
References () https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ - Exploit, Third Party Advisory () https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ - Exploit, Third Party Advisory
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve - Third Party Advisory

14 Jun 2023, 18:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Magazine3 pwa For Wp \& Amp
Magazine3
CPE cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:*
References (MISC) https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ - (MISC) https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ - Exploit, Third Party Advisory
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve - Third Party Advisory
CWE CWE-434

07 Jun 2023, 02:44

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-07 02:15

Updated : 2024-11-21 06:37


NVD link : CVE-2021-4354

Mitre link : CVE-2021-4354

CVE.ORG link : CVE-2021-4354


JSON object : View

Products Affected

magazine3

  • pwa_for_wp_\&_amp
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type