CVE-2021-24644
HIGH | EXPLOITED | NUCLEI
Images to WebP < 1.9 - Local File Inclusion via Unsanitized Tab Parameter
Title source: llm
Exploitation Summary
CVE-2021-24644 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue.
Nuclei Templates (1)
Images to WebP < 1.9 - Authenticated Local File Inclusion
HIGH | VERIFIED | by Sourabh-Sahu
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/5a363eeb-9510-4535-97e2-9dfd3b10d511
Scores
CVSS v3: 7.5
EPSS: 0.0503
EPSS Percentile: 91.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV: 2021-10-19
CWE: CWE-22
Status: published
Products (1): imagestowebp_project/images_to_webp < 1.9
Published: Nov 23, 2021
Tracked Since: Feb 18, 2026