8 matches found
CVE-2025-11379
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...
CVE-2019-15330
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...
WordPress webp-express plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. webp-express is a plugin that converts images from other formats to webp format. A cross-site scripting vulnerability exists in...
CVE-2019-15837
The webp-express plugin before 0.14.8 for WordPress has stored XSS...
Cross site scripting
The webp-express plugin before 0.14.8 for WordPress has stored XSS...
CVE-2019-15837
The webp-express plugin before 0.14.8 for WordPress has stored XSS...
WordPress webp-express plugin information disclosure vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. webp-express is a plugin that converts images from other formats to webp format. An information disclosure vulnerability exists in the...
CVE-2019-15330
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading...