CVE-2021-24641

Published: Nov 23, 2021Modified: Jun 17, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The Images to WebP WordPress plugin before 1.9 does not have CSRF checks in place when performing some administrative actions, which could result in modification of plugin settings, Denial-of-Service, as well as arbitrary image conversion

Affected (1)

Products: Imagestowebp Project: Images To Webp

Imagestowebp Project

1 product

Images To Webp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Imagestowebp Project Images To Webp	Before 1.9

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://wpscan.com/vulnerability/972f8c5d-22b7-42de-a981-2e5acb72297b

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/972f8c5d-22b7-42de-a981-2e5acb72297b

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.