← voltar
CVE-2025-11379

WebP Express <= 0.25.9 - Unauthenticated Information Exposure

CVSS 5.3 MEDIUMEPSS 0.3%CWE-200
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 dez 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated attackers to extract configuration data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
roselldk · WebP Express