CVE-2026-1356

Name of the Vulnerable Software and Affected Versions Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress versions prior to 6.5.2

Description The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is susceptible to Server-Side Request Forgery in versions up to and including 6.5.1. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. Attackers can potentially query and modify information from internal services through the PassthruLoader::load image source function.

Recommendations Update to version 6.5.2 or later.