Lucene search
+L

11 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-34193

Malicious code in bioql PyPI...

6.3CVSS5.1AI score0.00637EPSS
Exploits1References3
nvd
nvd
added 2025/05/15 8:15 p.m.6 views

CVE-2024-7759

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00266EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/05/15 8:7 p.m.6 views

CVE-2024-7759 PWA For WP & AMP < 1.7.72 Administrator+ Stored XSS

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9AI score0.00266EPSS
Exploits1References1
cvelist
cvelist
added 2025/05/15 8:7 p.m.16 views

CVE-2024-7759 PWA For WP & AMP < 1.7.72 Administrator+ Stored XSS

The PWA for WP WordPress plugin before 1.7.72 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
cve
cve
added 2025/05/15 8:7 p.m.34 views

CVE-2024-7759

The CVE-2024-7759 entry applies to the WordPress plugin “PWA for WP” (WordPress plugin) versions prior to 1.7.72. The issue is due to insufficient sanitisation/escaping of some settings, enabling Stored Cross-Site Scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/05/15 12:0 a.m.6 views

PT-2025-21501 · WordPress · Pwa For Wp

Name of the Vulnerable Software and Affected Versions: The PWA for WP WordPress plugin versions prior to 1.7.72 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...

4.8CVSS4.6AI score0.00266EPSS
Exploits1References4
prion
prion
added 2023/06/07 2:15 a.m.13 views

Authorization

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwpupdatefeaturesoptions function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings...

4CVSS4.5AI score0.00637EPSS
Exploits1References3Affected Software1
prion
prion
added 2023/06/07 2:15 a.m.20 views

Input validation

The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwpsplashscreenuploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to upload arbitrary files on the affected sites...

6.5CVSS8.8AI score0.01817EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2023/06/07 1:51 a.m.27 views

CVE-2021-4366 PWA for WP & AMP < = 1.7.32 - Missing Authorization

The PWA for WP & AMP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the pwaforwpupdatefeaturesoptions function in versions up to, and including, 1.7.32. This makes it possible for authenticated attackers to change the otherwise restricted settings...

6.3CVSS6.2AI score0.00637EPSS
Exploits1References3
cve
cve
added 2023/06/07 1:51 a.m.47 views

CVE-2021-4366

The CVE-2021-4366 entry concerns the WordPress PWA for WP & AMP plugin. Affected component: pwaforwp_update_features_options function. Root cause: missing capability check leads to an authorization bypass in versions up to and including 1.7.32, allowing authenticated attackers to alter restricted...

6.3CVSS4.3AI score0.00637EPSS
Exploits1References3Affected Software1
wpvulndb
wpvulndb
added 2019/03/25 12:0 a.m.8 views

PWA for WP <= 1.0.8 - XSS

The PWA for WP & AMP WordPress plugin was affected by a XSS security vulnerability...

2.2AI score
Exploits0References1Affected Software1
Rows per page
Query Builder