Vulnerabilities > Magazine3 > PWA FOR WP AMP > 1.7.11

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2021-4354 Unrestricted Upload of File with Dangerous Type vulnerability in Magazine3 PWA for WP & AMP
The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32.
network
low complexity
magazine3 CWE-434
8.8
8.8
2023-06-07 CVE-2021-4366 Missing Authorization vulnerability in Magazine3 PWA for WP & AMP
The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwp_update_features_options function in versions up to, and including, 1.7.32.
network
low complexity
magazine3 CWE-862
4.3
4.3