WebP Express <= 0.14.10 - Multiple Issues



Description
- Arbitrary File Viewing
- CRSF
- XSS (including https://wpvulndb.com/vulnerabilities/9389)
- Unauthorised Access

Affects Plugin

fixed in version 0.14.11

References

CVE 2019-15330
URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2111370%40webp-express&old=2089103%40webp-express

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Views 2434
Verified No
WPVDB ID 9341

Timeline

Publicly Published 2019-06-16 (5 months ago)
Added 2019-06-16 (5 months ago)
Last Updated 2019-08-23 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin