cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwebp-converter-for-media webp-converter-for-media

Direction: ascending
Jun 06, 2024

Converter for Media – Optimize images | Convert WebP & AVIF # CVE-2019-15834

CVE, Research URL

CVE-2019-15834

Home page URL

Security reports for Converter for Media – Optimize images | Convert WebP & AVIF

Application

Converter for Media – Optimize images | Convert WebP & AVIF

Date
Aug 30, 2019
Research Description
The webp-converter-for-media plugin before 1.0.3 for WordPress has CSRF.
Affected versions
max 1.0.3.
Status
vulnerable
Jun 10, 2024

Converter for Media – Optimize images | Convert WebP & AVIF # CVE-2021-25074

CVE, Research URL

CVE-2021-25074

Home page URL

Security reports for Converter for Media – Optimize images | Convert WebP & AVIF

Application

Converter for Media – Optimize images | Convert WebP & AVIF

Date
-
Research Description
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue
Affected versions
max 4.0.3.
Status
vulnerable
Jan 28, 2026

Converter for Media – Optimize images | Convert WebP & AVIF # CVE-2025-13750

CVE, Research URL

CVE-2025-13750

Home page URL

Security reports for Converter for Media – Optimize images | Convert WebP & AVIF

Application

Converter for Media – Optimize images | Convert WebP & AVIF

Date
Dec 17, 2025
Research Description
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `/webp-converter/v1/regenerate-attachment` REST endpoint in all versions up to, and including, 6.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete optimized WebP/AVIF variants for arbitrary attachments.
Affected versions
max 6.4.0.
Status
vulnerable
Apr 14, 2026

Converter for Media – Optimize images | Convert WebP & AVIF # CVE-2026-1356

CVE, Research URL

CVE-2026-1356

Home page URL

Security reports for Converter for Media – Optimize images | Convert WebP & AVIF

Application

Converter for Media – Optimize images | Convert WebP & AVIF

Date
Feb 12, 2026
Research Description
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
max 6.5.2.
Status
vulnerable