PT-2021-16158 · WordPress · Images To Webp

Apple502J

Published

2021-11-23

Updated

2021-11-24

CVE-2021-24641

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Images to WebP WordPress plugin versions prior to 1.9

Description The issue concerns the lack of CSRF checks in the plugin when performing certain administrative actions. This could lead to modification of plugin settings, Denial-of-Service, and arbitrary image conversion.

Recommendations For versions prior to 1.9, update to version 1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative actions to minimize the risk of exploitation.

Exploit

Fix

DoS

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2021-24641

Affected Products

Images To Webp

PT-2021-16158 · WordPress · Images To Webp

CVE-2021-24641

Weakness Enumeration

Related Identifiers

Affected Products

References · 4