cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9361,https://securityvulnerability.io/vulnerability/CVE-2024-9361,Unauthorized Data Modification Vulnerability in Bulk Images Optimizer Plugin,"The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.",Wordpress,"Bulk Images Optimizer: Resize, Optimize, Convert To Webp, Rename …",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-18T04:32:55.239Z,0
CVE-2023-3352,https://securityvulnerability.io/vulnerability/CVE-2023-3352,Unauthorized Deletion of Resmush List in Smush Plugin for WordPress,"The Smush plugin for WordPress contains a vulnerability that allows authenticated attackers, even those with limited user roles like subscribers, to delete the resmush list associated with the Nextgen Gallery or the Media Library. This issue arises from a missing capability check in the delete_resmush_list() function, which could lead to significant data loss and compromise the integrity of media files managed by the plugin. Website administrators are advised to address this vulnerability promptly to safeguard their site from unauthorized actions.",Wordpress,Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert Webp | Image Cdn,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-21T02:05:43.900Z,0
CVE-2024-4636,https://securityvulnerability.io/vulnerability/CVE-2024-4636,Stored Cross-Site Scripting Vulnerability in Image Optimization Plugin,"The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Image Optimization By Optimole – Lazy Load, Cdn, Convert Webp & Avif",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-15T06:51:55.715Z,0
CVE-2021-25074,https://securityvulnerability.io/vulnerability/CVE-2021-25074,WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect,"The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue",Wordpress,Webp Converter For Media – Convert Webp And Avif & Optimize Images,6.1,MEDIUM,0.0011699999449774623,false,,false,false,false,,false,false,2022-01-24T08:01:22.000Z,0
CVE-2021-24644,https://securityvulnerability.io/vulnerability/CVE-2021-24644,Images to WebP < 1.9 - Authenticated Local File Inclusion,"The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue",Wordpress,Images To Webp,7.5,HIGH,0.004490000195801258,false,,false,false,false,,false,false,2021-11-23T19:16:03.000Z,0
CVE-2021-24641,https://securityvulnerability.io/vulnerability/CVE-2021-24641,Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF),"The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion",Wordpress,Images To Webp,8.1,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2021-11-23T19:16:01.000Z,0