5 matches found
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
PT-2025-49003
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
WordPress WebP Express plugin <= 0.25.9 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WebP Express versions = 0.25.9...
CVE-2007-3211
Cross-site scripting XSS vulnerability in 404.php in Domain Technologie Control DTC before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO REQUESTURI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...