CVE-2021-25074 WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect

2022-01-2408:01:22

CWE-601

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

43.5%

JSON

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue

CNA Affected

[
  {
    "product": "WebP Converter for Media – Convert WebP and AVIF & Optimize Images",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "4.0.3",
        "status": "affected",
        "version": "4.0.3",
        "versionType": "custom"
      }
    ]
  }
]