← back
CVE-2021-24644

Images to WebP < 1.9 - Authenticated Local File Inclusion

EPSS 5.0%CWE-22
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 5.0%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
23 Nov 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue
Affected products
Unknown · Images to WebP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/5a363eeb-9510-4535-97e2-9dfd3b10d511