WordPress Plugin Vulnerabilities

WebP Express <= 0.14.10 - Multiple Issues

Description

- Arbitrary File Viewing
- CRSF
- XSS (including https://wpvulndb.com/vulnerabilities/9389)
- Unauthorised Access

Affects Plugins

Plugin icon
webp-express
Fixed in 0.14.11

References

CVE
CVE-2019-15330
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2111370%40webp-express&old=2089103%40webp-express

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
7.5 (high)

Miscellaneous

Verified
No
WPVDB ID
b1d0e975-de62-4ea3-9595-510963c78c23

Timeline

Publicly Published
2019-06-16 (about 6 years ago)
Added
2019-06-16 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-07
Title
Beacon Lead Magnets and Lead Capture < 1.5.9 - Cross-Site Request Forgery
Published
2022-10-20
Title
Advanced Order Export For WooCommerce < 3.3.3 - Export Files via CSRF
Published
2023-11-14
Title
Restaurant & Cafe Addon for Elementor < 1.5.3 - Cross-Site Request Forgery
Published
2023-08-11
Title
Futurio Extra < 1.9.1 - Arbitrary Plugin Activation via CSRF
Published
2025-11-03
Title
Associados Amazon Plugin <= 0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting