PWA for WP – Progressive Web Apps Made Simple

Vulnerabilities 11Slug pwa-for-wpLatest version 1.7.86WordPress.org →

Minimum safe version

1.7.73

Update to 1.7.73 or later to address 11 fixable vulnerabilities

Latest available1.7.86 ✓

Medium 4.8

2025-05-19< 1.7.72

WordPress PWA for WP & AMP Plugin < 1.7.72 Administrator+ Stored XSS vulnerability is vulnerable to Cross Site Scripting (XSS)

Patchstack EUVD Wordfence CVE

Medium 4.3

2024-11-01< 1.7.73

CVE-2024-47318

CVE Patchstack Wordfence

N/A

< 1.0.9

PWA for WP <= 1.0.8 - XSS

WPScan

N/A

< 1.7.33

PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Settings Change

WPScan

N/A

< 1.7.33

PWA for WP & AMP < 1.7.33 - Authenticated (Subscriber+) Arbitrary File Upload

WPScan

Medium 4.3

2023-06-07< 1.7.33

CVE-2021-4366

CVE

High 8.8

2023-06-07< 1.7.33

CVE-2021-4354

CVE

N/A

2019-03-25< 1.0.9

PWA for WP & AMP Plugin <= 1.0.8 - Cross-Site Scripting

Wordfence

N/A

2021-07-01< 1.7.33

PWA for WP & AMP < = 1.7.32 - Missing Authorization

Wordfence

N/A

2021-07-01< 1.7.33

PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload

Wordfence

N/A

2021-07-01< 1.7.33

WordPress PWA for WP & AMP plugin <= 1.7.32 - Authenticated Arbitrary File Upload vulnerability

Patchstack