The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion
[
{
"product": "Images to WebP",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.9",
"status": "affected",
"version": "1.9",
"versionType": "custom"
}
]
}
]