32 matches found
WordPress Plugin WebP Express Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
EUVD-2025-201141
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379 WebP Express <= 0.25.9 - Unauthenticated Information Exposure
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2025-11379
The CVE-2025-11379 entry refers to the WordPress WebP Express plugin being vulnerable to information exposure via config files in all versions up to 0.25.9. The root cause is described as the plugin not properly randomizing the config file name, allowing direct access on NGINX and enabling unauth...
WordPress plugin WebP Express 信息泄露漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
PT-2025-49003
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
WordPress WebP Express plugin <= 0.25.9 - Unauthenticated Information Exposure vulnerability
Unauthenticated Information Exposure vulnerability discovered by Rafshanzani Suhada in WordPress Plugin WebP Express versions = 0.25.9...
EUVD-2019-6754
Malware in sbrugna...
EUVD-2019-6331
Malware in sbrugna...
CVE-2019-15330
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...
CVE-2019-15837
The webp-express plugin before 0.14.8 for WordPress has stored XSS...
WordPress WebP Express Plugin < 0.14.11 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113503";...
WordPress WebP Express Plugin < 0.14.8 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113502";...
WordPress webp-express plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. webp-express is a plugin that converts images from other formats to webp format. A cross-site scripting vulnerability exists in...
CVE-2019-15837
The webp-express plugin before 0.14.8 for WordPress has stored XSS...
CVE-2019-15837
The webp-express plugin before 0.14.8 for WordPress has stored XSS...
Cross site scripting
The webp-express plugin before 0.14.8 for WordPress has stored XSS...
CVE-2019-15837
The webp-express plugin before 0.14.8 for WordPress has stored XSS...