PT-2026-4379

Name of the Vulnerable Software and Affected Versions sheepfish WebP Conversion versions through 2.1 Description An issue exists in sheepfish WebP Conversion related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation due to...

WordPress plugin WebP Conversion security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

MiracleLinux 8 : exempi-2.4.5-4.el8 (AXSA:2024-8237:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8237:01 advisory. exempi: denial of service via opening of crafted audio file with ID3V2 frame CVE-2020-18651 exempi: denial of service via opening of crafted webp fi...

MiracleLinux 8 : firefox-102.15.1-1.el8.ML.1 (AXSA:2023-6441:35)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6441:35 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : libwebp-1.0.0-5.el8 (AXSA:2021-2754:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2754:03 advisory. libwebp: out-of-bounds read in WebPMuxCreateInternal CVE-2018-25009 libwebp: out-of-bounds read in ApplyFilter CVE-2018-25010 libwebp: out-of-bounds...

MiracleLinux 9 : firefox-102.15.1-1.el9.ML.1 (AXSA:2023-6450:36)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6450:36 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 7 : firefox-102.15.1-1.0.1.el7.AXS7 (AXSA:2023-6415:34)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6415:34 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : thunderbird-102.15.1-1.el8.ML.1 (AXSA:2023-6445:26)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6445:26 advisory. libwebp: Heap buffer overflow in WebP Codec CVE-2023-4863 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : exiv2-0.27.4-5.el8 (AXSA:2021-2752:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2752:04 advisory. exiv2: Heap-based buffer overflow in Jp2Image::readMetadata CVE-2021-3482 exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata...

CVE-2025-15158

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpsefileandextwebp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload...

CVE-2025-15158

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpsefileandextwebp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload...

CVE-2025-15158

CVE-2025-15158 is a WordPress WP Enable WebP vulnerability. The Wordfence entry confirms an authenticated arbitrary file upload due to improper file-type validation in wpse_file_and_ext_webp, affecting WP Enable WebP

CVE-2025-15158 WP Enable WebP <= 1.0 - Authenticated (Author+) Arbitrary File Upload

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpsefileandextwebp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload...

CVE-2025-15158 WP Enable WebP <= 1.0 - Authenticated (Author+) Arbitrary File Upload

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpsefileandextwebp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload...

WordPress WP Enable WebP plugin <= 1.0 - Authenticated (Author+) Arbitrary File Upload vulnerability

Authenticated Author+ Arbitrary File Upload vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin WP Enable WebP versions = 1.0...

PT-2026-1600

Name of the Vulnerable Software and Affected Versions WP Enable WebP versions up to and including 1.0 Description The WP Enable WebP plugin for WordPress has a flaw allowing unauthorized file uploads. This is due to insufficient file type validation within the wpse file and ext webp function...

WordPress CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin <= 4.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by luckybuddy in WordPress Plugin cits-support-svg-webp-media-upload versions = 4.2...

CVE-2025-13750

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

CVE-2025-13750

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

CVE-2025-13750

Technical details for CVE-2025-13750 are not publicly available in the provided documents. Monitor for updates from official advisories to confirm affected versions, impact, and remediation.