| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-3352 | Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion | wpmudev | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | Medium | 4.3 | 2024-06-21 02:05:44 | Deep Dive |
| CVE-2024-4636 | Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF <= 3.12.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | optimole | Optimole – Optimize Images in Real Time | Medium | 6.4 | 2024-05-15 06:51:56 | Deep Dive |
| CVE-2023-4460 | Uploading SVG, WEBP and ICO files <= 1.2.1 - Author+ Stored XSS via SVG | Unknown | Uploading SVG, WEBP and ICO files | - | - | 2023-12-04 21:28:51 | Deep Dive |
| CVE-2023-32512 | WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF) | ShortPixel | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | 中危 | - | 2023-11-09 21:21:46 | Deep Dive |
| CVE-2023-5458 | CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG | Unknown | CITS Support svg, webp Media and TTF,OTF File Upload | 中危 | - | 2023-10-31 13:54:42 | Deep Dive |
| CVE-2023-2143 | Enable SVG, WebP & ICO Upload <= 1.0.3 - Author+ Stored XSS | Unknown | Enable SVG, WebP & ICO Upload | 中危 | - | 2023-07-17 13:29:53 | Deep Dive |
| CVE-2022-36285 | WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability | dmitrylitvinov | Uploading SVG, WEBP and ICO files (WordPress plugin) | High | 7.2 | 2022-08-23 15:48:09 | Deep Dive |
| CVE-2022-34648 | WordPress Uploading SVG, WEBP and ICO files plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | dmitrylitvinov | Uploading SVG, WEBP and ICO files (WordPress plugin) | Medium | 4.8 | 2022-08-23 15:45:25 | Deep Dive |
| CVE-2022-34154 | WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability | ideasToCode | Enable SVG, WebP & ICO Upload (WordPress plugin) | High | 7.2 | 2022-08-01 13:55:12 | Deep Dive |
| CVE-2022-36343 | WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | ideasToCode | Enable SVG, WebP & ICO Upload (WordPress plugin) | Low | 3.4 | 2022-08-01 13:55:01 | Deep Dive |
| CVE-2021-25074 | WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect | Unknown | WebP Converter for Media – Convert WebP and AVIF & Optimize Images | 中危 | - | 2022-01-24 08:01:22 | Deep Dive |
| CVE-2021-24644 | Images to WebP < 1.9 - Authenticated Local File Inclusion | Unknown | Images to WebP | 高危 | - | 2021-11-23 19:16:03 | Deep Dive |
| CVE-2021-24641 | Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF) | Unknown | Images to WebP | 高危 | - | 2021-11-23 19:16:01 | Deep Dive |
| CVE-2020-17102 | WebP Image Extensions Information Disclosure Vulnerability | Microsoft | WebP Image Extension | Medium | 5.5 | 2020-11-11 06:48:36 | Deep Dive |