WebP Converter for Media <= 1.0.2 – Cross-Site Request Forgery (CSRF) | CVE 2019-15834

Affects Plugins

Fixed in 1.0.3

References

CVE

CVE-2019-15834

URL

https://plugins.trac.wordpress.org/changeset?reponame=&new=2113266%40webp-converter-for-media&old=2112369%40webp-converter-for-media

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

8.8 (high)

Miscellaneous

Verified

No

WPVDB ID

65483794-f22f-41c7-b286-fd70c38ae160

Timeline

Publicly Published

2019-06-27 (about 6 years ago)

Added

2019-06-27 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2024-07-11

Title

MBE eShip < 2.2.1 - Cross-Site Request Forgery

Published

2024-05-07

Title

ADFO – Custom data in admin dashboard < 1.9.1 - Cross-Site Request Forgery

Published

2025-04-17

Title

My Marginalia <= 1.0.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-04-17

Title

mLanguage <= 1.6.1 - Cross-Site Request Forgery

Published

2023-08-11

Title

Futurio Extra < 1.9.1 - Arbitrary Plugin Activation via CSRF