cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12060,https://securityvulnerability.io/vulnerability/CVE-2024-12060,Reflected Cross-Site Scripting Vulnerability in WP Media Optimizer .webp Plugin,"The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,WP Media Optimizer (.webp),6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-12-06T08:24:49.945Z,0
CVE-2024-9361,https://securityvulnerability.io/vulnerability/CVE-2024-9361,Unauthorized Data Modification Vulnerability in Bulk Images Optimizer Plugin,"The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configuration' function in all versions up to, and including, 2.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options.",Wordpress,"Bulk Images Optimizer: Resize, Optimize, Convert To Webp, Rename …",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-18T04:32:55.239Z,0
CVE-2024-3633,https://securityvulnerability.io/vulnerability/CVE-2024-3633,Malicious SVG Uploads Could Lead to XSS Attacks in WebP & SVG Support WordPress Plugin,"The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.",Wordpress,Webp & Svg Support,,,0.0004299999854993075,false,,false,false,true,2024-06-26T05:00:02.000Z,true,false,false,,2024-06-26T06:00:02.176Z,0
CVE-2023-3352,https://securityvulnerability.io/vulnerability/CVE-2023-3352,Unauthorized Deletion of Resmush List in Smush Plugin for WordPress,"The Smush plugin for WordPress contains a vulnerability that allows authenticated attackers, even those with limited user roles like subscribers, to delete the resmush list associated with the Nextgen Gallery or the Media Library. This issue arises from a missing capability check in the delete_resmush_list() function, which could lead to significant data loss and compromise the integrity of media files managed by the plugin. Website administrators are advised to address this vulnerability promptly to safeguard their site from unauthorized actions.",Wordpress,Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert Webp | Image Cdn,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-21T02:05:43.900Z,0
CVE-2024-4636,https://securityvulnerability.io/vulnerability/CVE-2024-4636,Stored Cross-Site Scripting Vulnerability in Image Optimization Plugin,"The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Image Optimization By Optimole – Lazy Load, Cdn, Convert Webp & Avif",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-15T06:51:55.715Z,0
CVE-2023-4460,https://securityvulnerability.io/vulnerability/CVE-2023-4460,"Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG","The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.",Wordpress,"Uploading Svg, Webp And Ico Files",5.4,MEDIUM,0.0005200000014156103,false,,false,false,true,2023-08-11T00:11:45.000Z,true,false,false,,2023-12-04T22:15:00.000Z,0
CVE-2023-5458,https://securityvulnerability.io/vulnerability/CVE-2023-5458,"CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG","The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.",Wordpress,"CITS Support svg, webp Media and TTF,OTF File Upload",5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-10-31T14:15:00.000Z,0
CVE-2023-2143,https://securityvulnerability.io/vulnerability/CVE-2023-2143,"Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS","The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.",Wordpress,"Enable Svg, Webp & Ico Upload",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-07-17T14:15:00.000Z,0
CVE-2021-25074,https://securityvulnerability.io/vulnerability/CVE-2021-25074,WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect,"The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue",Wordpress,Webp Converter For Media – Convert Webp And Avif & Optimize Images,6.1,MEDIUM,0.0011699999449774623,false,,false,false,false,,,false,false,,2022-01-24T08:01:22.000Z,0
CVE-2021-24644,https://securityvulnerability.io/vulnerability/CVE-2021-24644,Images to WebP < 1.9 - Authenticated Local File Inclusion,"The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue",Wordpress,Images To Webp,7.5,HIGH,0.004490000195801258,false,,false,false,false,,,false,false,,2021-11-23T19:16:03.000Z,0
CVE-2021-24641,https://securityvulnerability.io/vulnerability/CVE-2021-24641,Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF),"The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion",Wordpress,Images To Webp,8.1,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2021-11-23T19:16:01.000Z,0
CVE-2019-15837,https://securityvulnerability.io/vulnerability/CVE-2019-15837,Stored XSS Vulnerability in WebP Express Plugin for WordPress,"The WebP Express Plugin for WordPress versions prior to 0.14.8 is susceptible to a stored cross-site scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious scripts into the web application, which could potentially lead to unauthorized actions being performed on behalf of users. Site administrators are advised to update to the latest version to mitigate the risk associated with this security flaw.",Wordpress,Webp Express,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2019-08-30T16:10:56.000Z,0
CVE-2019-15834,https://securityvulnerability.io/vulnerability/CVE-2019-15834,Cross-Site Request Forgery in WebP Converter for Media Plugin by WordPress,"The WebP Converter for Media plugin for WordPress prior to version 1.0.3 is susceptible to Cross-Site Request Forgery (CSRF), which may allow unauthorized users to perform actions on behalf of authenticated users. This vulnerability can lead to malicious exploits, compromising site integrity and functionality.",Wordpress,Webp Converter For Media,8.8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2019-08-30T16:06:04.000Z,0
CVE-2019-15330,https://securityvulnerability.io/vulnerability/CVE-2019-15330,Arbitrary File Reading Vulnerability in WebP Express Plugin for WordPress,"The WebP Express plugin for WordPress, prior to version 0.14.11, is susceptible to an arbitrary file reading vulnerability. This flaw allows attackers to read sensitive files on the server, potentially leading to unauthorized access to critical information. It is crucial for users to update their plugin to the latest version to mitigate this risk.",Wordpress,Webp Express,7.5,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2019-08-22T18:59:39.000Z,0