cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12060,https://securityvulnerability.io/vulnerability/CVE-2024-12060,Reflected Cross-Site Scripting Vulnerability in WP Media Optimizer .webp Plugin,"The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,WP Media Optimizer (.webp),6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-12-06T08:24:49.945Z,0
CVE-2024-9361,https://securityvulnerability.io/vulnerability/CVE-2024-9361,Unauthorized Data Modification Vulnerability in Bulk Images Optimizer Plugin,"The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.",Wordpress,"Bulk Images Optimizer: Resize, Optimize, Convert To Webp, Rename …",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-10-18T04:32:55.239Z,0
CVE-2024-3633,https://securityvulnerability.io/vulnerability/CVE-2024-3633,Malicious SVG Uploads Could Lead to XSS Attacks in WebP & SVG Support WordPress Plugin,"The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.",Wordpress,Webp & Svg Support,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-06-26T06:00:02.176Z,0
CVE-2023-3352,https://securityvulnerability.io/vulnerability/CVE-2023-3352,Unauthorized Deletion of Resmush List in Smush Plugin for WordPress,"The Smush plugin for WordPress contains a vulnerability that allows authenticated attackers, even those with limited user roles like subscribers, to delete the resmush list associated with the Nextgen Gallery or the Media Library. This issue arises from a missing capability check in the delete_resmush_list() function, which could lead to significant data loss and compromise the integrity of media files managed by the plugin. Website administrators are advised to address this vulnerability promptly to safeguard their site from unauthorized actions.",Wordpress,Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert Webp | Image Cdn,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-21T02:05:43.900Z,0
CVE-2024-4636,https://securityvulnerability.io/vulnerability/CVE-2024-4636,Stored Cross-Site Scripting Vulnerability in Image Optimization Plugin,"The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Image Optimization By Optimole – Lazy Load, Cdn, Convert Webp & Avif",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-15T06:51:55.715Z,0
CVE-2023-4460,https://securityvulnerability.io/vulnerability/CVE-2023-4460,"Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG","The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.",Wordpress,"Uploading Svg, Webp And Ico Files",5.4,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2023-12-04T22:15:00.000Z,0
CVE-2023-5458,https://securityvulnerability.io/vulnerability/CVE-2023-5458,"CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG","The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.",Wordpress,"CITS Support svg, webp Media and TTF,OTF File Upload",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-10-31T14:15:00.000Z,0
CVE-2023-2143,https://securityvulnerability.io/vulnerability/CVE-2023-2143,"Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS","The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.",Wordpress,"Enable Svg, Webp & Ico Upload",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-07-17T14:15:00.000Z,0
CVE-2022-36285,https://securityvulnerability.io/vulnerability/CVE-2022-36285,"WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability","Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.",Wordpress,"Uploading Svg, Webp And Ico Files (WordPress Plugin)",7.2,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2022-08-23T16:15:00.000Z,0
CVE-2022-34648,https://securityvulnerability.io/vulnerability/CVE-2022-34648,"WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability","Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.",Wordpress,"Uploading Svg, Webp And Ico Files (WordPress Plugin)",4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-08-23T16:15:00.000Z,0
CVE-2022-36343,https://securityvulnerability.io/vulnerability/CVE-2022-36343,"WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability","Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.",Wordpress,"Enable Svg, Webp & Ico Upload (WordPress Plugin)",3.4,LOW,0.0005000000237487257,false,,false,false,false,,false,false,2022-08-01T00:00:00.000Z,0
CVE-2022-34154,https://securityvulnerability.io/vulnerability/CVE-2022-34154,"WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability","Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress.",Wordpress,"Enable Svg, Webp & Ico Upload (WordPress Plugin)",7.2,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2022-08-01T00:00:00.000Z,0
CVE-2021-25074,https://securityvulnerability.io/vulnerability/CVE-2021-25074,WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect,"The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue",Wordpress,Webp Converter For Media – Convert Webp And Avif & Optimize Images,6.1,MEDIUM,0.0011699999449774623,false,,false,false,false,,false,false,2022-01-24T08:01:22.000Z,0
CVE-2021-24644,https://securityvulnerability.io/vulnerability/CVE-2021-24644,Images to WebP < 1.9 - Authenticated Local File Inclusion,"The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue",Wordpress,Images To Webp,7.5,HIGH,0.004490000195801258,false,,false,false,false,,false,false,2021-11-23T19:16:03.000Z,0
CVE-2021-24641,https://securityvulnerability.io/vulnerability/CVE-2021-24641,Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF),"The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion",Wordpress,Images To Webp,8.1,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2021-11-23T19:16:01.000Z,0
CVE-2019-15837,https://securityvulnerability.io/vulnerability/CVE-2019-15837,,The webp-express plugin before 0.14.8 for WordPress has stored XSS.,Wordpress,Webp Express,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2019-08-30T16:10:56.000Z,0
CVE-2019-15834,https://securityvulnerability.io/vulnerability/CVE-2019-15834,,The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.,Wordpress,Webp Converter For Media,8.8,HIGH,0.001019999966956675,false,,false,false,false,,false,false,2019-08-30T16:06:04.000Z,0
CVE-2019-15330,https://securityvulnerability.io/vulnerability/CVE-2019-15330,,The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.,Wordpress,Webp Express,7.5,HIGH,0.0015800000401213765,false,,false,false,false,,false,false,2019-08-22T18:59:39.000Z,0