Path Traversal Vulnerability in QuickWebP Plugin for Image Optimization
CVE-2026-42756

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: Quickwebp – Compress / Optimize Images & Convert Webp | Seo Friendly
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42756?

A Path Traversal vulnerability exists in the QuickWebP plugin for WordPress, allowing unauthorized access to files on the server. This security flaw may permit attackers to traverse the directory structure and read sensitive files, potentially leading to data exposure. The issue affects versions of QuickWebP up to 3.2.7, emphasizing the need for prompt updates to mitigate risks.

Affected Version(s)

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly 0 <= 3.2.7

References

https://patchstack.com/database/Wordpress/Plugin/quickweb...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

dodoh4t | Patchstack Bug Bounty Program

CVE-2026-42756 Data

JSON