Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

EUVD-2021-11553

Malware in sbrugna...

CVE-2021-24644

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...

CVE-2021-24641

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion...

CVE-2021-24644

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...

CVE-2021-24644 Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...

EUVD-2021-11556

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...

CVE-2021-24644

CVE-2021-24644 affects the Images to WebP WordPress plugin (versions prior to 1.9). The root cause is that the tab parameter is not validated/sanitized before being passed to include(), enabling Local File Inclusion. Exploitation context in connected data indicates an authenticated LFI scenario, ...

WordPress 路径遍历漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A path traversal vulnerability exists in the WordPress plugin that stems from The Images to WebP not validating or...

WordPress 跨站请求伪造漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin that stems from The Images to WebP...

PT-2021-16161

Name of the Vulnerable Software and Affected Versions: Images to WebP WordPress plugin versions prior to 1.9 Description: The issue concerns a Local File Inclusion problem due to insufficient validation or sanitization of the tab parameter before it is passed to the include function...

WordPress Images to WebP plugin <= 1.8 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated Local File Inclusion LFI vulnerability discovered by apple502j in WordPress Images to WebP plugin versions = 1.8. Solution Update the WordPress Images to WebP plugin to the latest available version at least 1.9...

VulnCheck KEV: CVE-2021-24644

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue...