767 matches found
CVE-2025-13750 Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...
EUVD-2025-203883
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...
WordPress plugin Converter for Media 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51816
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...
WordPress Plugin WebP Express Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379
The CVE-2025-11379 entry refers to the WordPress WebP Express plugin being vulnerable to information exposure via config files in all versions up to 0.25.9. The root cause is described as the plugin not properly randomizing the config file name, allowing direct access on NGINX and enabling unauth...
CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
PT-2025-49003
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
WordPress plugin WebP Express 信息泄露漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
WordPress WebP Express plugin <= 0.25.9 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WebP Express versions = 0.25.9...
TencentOS Server 4: libwebp (TSSA-2024:0939)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0939 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: exempi (TSSA-2024:0198)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0198 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-13069
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...
CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...
CVE-2025-13069 Enable SVG, WebP, and ICO Upload <= 1.1.3 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass
The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.3. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitizati...
WordPress plugin Enable SVG, WebP, and ICO Upload 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blogs on PHP and MySQL-based servers. A co...
PT-2025-47285
Name of the Vulnerable Software and Affected Versions Enable SVG, WebP, and ICO Upload plugin for WordPress versions up to and including 1.1.2 Description The Enable SVG, WebP, and ICO Upload plugin for WordPress is susceptible to arbitrary file upload due to insufficient file type validation whe...