The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
References
Link | Resource |
---|---|
https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ | Exploit Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve | Third Party Advisory |
https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ | Exploit Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ - Exploit, Third Party Advisory | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve - Third Party Advisory |
14 Jun 2023, 18:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Magazine3 pwa For Wp \& Amp
Magazine3 |
|
CPE | cpe:2.3:a:magazine3:pwa_for_wp_\&_amp:*:*:*:*:*:wordpress:*:* | |
References | (MISC) https://blog.nintechnet.com/wordpress-pwa-for-wp-and-amp-plugin-fixed-vulnerabilities/ - Exploit, Third Party Advisory | |
References | (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=cve - Third Party Advisory | |
CWE | CWE-434 |
07 Jun 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 02:15
Updated : 2024-11-21 06:37
NVD link : CVE-2021-4354
Mitre link : CVE-2021-4354
CVE.ORG link : CVE-2021-4354
JSON object : View
Products Affected
magazine3
- pwa_for_wp_\&_amp
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type