Vulnerability Description
The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imagestowebp Project | Images To Webp | < 1.9 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/5a363eeb-9510-4535-97e2-9dfd3b10d511ExploitThird Party Advisory
- https://wpscan.com/vulnerability/5a363eeb-9510-4535-97e2-9dfd3b10d511ExploitThird Party Advisory
FAQ
What is CVE-2021-24644?
CVE-2021-24644 is a vulnerability with a CVSS score of 7.5 (HIGH). The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue
How severe is CVE-2021-24644?
CVE-2021-24644 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24644?
Check the references section above for vendor advisories and patch information. Affected products include: Imagestowebp Project Images To Webp.