Description
WordPress Plugin PWA for WP & AMP is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change plugin�s settings, or even upload arbitrary files. WordPress Plugin PWA for WP & AMP version 1.7.32 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.7.33 or latest
References
Related Vulnerabilities
WordPress Plugin iPages Flipbook For WordPress Cross-Site Scripting (1.4.2)
WordPress Plugin Hustle-Pop-Ups, Slide-ins and Email Opt-ins CSV Injection (6.0.7)
WordPress Plugin Dynamic Widgets 'id' Parameter Cross-Site Scripting (1.5.1)
WordPress Plugin Invoicing with InvoiceXpress for WooCommerce-Free Cross-Site Scripting (3.0.2)
WordPress Plugin WP iCommerce-the first interactive ecommerce for wordpress SQL Injection (1.1.1)