The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...
5.4CVSS
5.2AI Score
0.0004EPSS
Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at...
7.2CVSS
6.9AI Score
0.001EPSS
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at...
5.4CVSS
5.2AI Score
0.001EPSS
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect...
6.1CVSS
6.1AI Score
0.001EPSS
An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the...
7.5CVSS
7.4AI Score
0.002EPSS
8.8CVSS
8.7AI Score
0.001EPSS
The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file...
7.5CVSS
7.6AI Score
0.002EPSS