CVE-2025-11379
The CVE-2025-11379 entry refers to the WordPress WebP Express plugin being vulnerable to information exposure via config files in all versions up to 0.25.9. The root cause is described as the plugin not properly randomizing the config file name, allowing direct access on NGINX and enabling unauth...