Arbitrary File Reading Vulnerability in WebP Express Plugin for WordPress
CVE-2019-15330

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Webp Express
Vendor: CVE Published:; 22 August 2019

Summary

The WebP Express plugin for WordPress, prior to version 0.14.11, is susceptible to an arbitrary file reading vulnerability. This flaw allows attackers to read sensitive files on the server, potentially leading to unauthorized access to critical information. It is crucial for users to update their plugin to the latest version to mitigate this risk.

References

https://wordpress.org/plugins/webp-express/#developers

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2019
Vulnerability Reserved
Aug 22, 2019