Webp Security Vulnerabilities

CVE-2023-4460

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS...

CVE-2022-36285

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at...

CVE-2022-34648

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at...

CVE-2021-25074

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect...

CVE-2021-46104

An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the...

CVE-2019-15834

The webp-converter-for-media plugin before 1.0.3 for WordPress has...

CVE-2019-15330

The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file...