CVE-2021-24641

HIGH

Images to WebP < 1.9 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/972f8c5d-22b7-42de-a981-2e5acb72297b

Scores

CVSS v3 8.1
EPSS 0.0052
EPSS Percentile 40.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
imagestowebp_project/images_to_webp < 1.9
Published Nov 23, 2021
Tracked Since Feb 18, 2026