VYPR

Webp Express

by WordPress

Source repositories

CVEs (2)

  • CVE-2019-15330HigAug 22, 2019
    risk 0.49cvss 7.5epss 0.02

    The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading.

  • CVE-2025-11379MedDec 4, 2025
    risk 0.34cvss 5.3epss 0.00

    The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for…