MidnightBSD

Advisories for webp_converter_for_media_project

CVE-2019-15834 MEDIUM

The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
webp_converter_for_media_project webp_converter_for_media *
CVE-2021-25074 MEDIUM

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
webp_converter_for_media_project webp_converter_for_media *