WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin WebP Conversion versions = 2.2...

CVE-2026-24530

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...

CVE-2026-24530 WordPress WebP Conversion plugin <= 2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.2...

CVE-2026-24530

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.1...

WordPress plugin WebP Conversion security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-4379

Name of the Vulnerable Software and Affected Versions sheepfish WebP Conversion versions through 2.1 Description An issue exists in sheepfish WebP Conversion related to incorrectly configured access control security levels, allowing for missing authorization. The issue allows exploitation due to...

EUVD-2019-0219

Malware in sbrugna...

Images to WebP < 1.9 - Authenticated Local File Inclusion

The plugin does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue Assuming WordPress installed at C:\xampp\htdocs\wordpress,...

Images to WebP < 1.9 - Authenticated Local File Inclusion

The plugin does not validate or sanitise the tab parameter before passing it to the include function, which could lead to a Local File Inclusion issue PoC Assuming WordPress installed at C:\xampp\htdocs\wordpress,...

Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion PoC The PoC varies based on the endpoint targeted. Here is one example that will modify the...

Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF)

The plugin does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion The PoC varies based on the endpoint targeted. Here is one example that will modify the...

CVE-2016-7568

An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the application to crash or potentially execute arbitrary code...