CVE-2021-25074

CVE-2021-25074: WebP Converter for Media < 4.0.3 - Unauthenticated Open redirect

Vendor Unknown
Product WebP Converter for Media – Convert WebP and AVIF & Optimize Images
Weakness CWE-601 · Open redirect
Published January 24, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue

Key dates

02Disclosure timeline

January 24, 2022 CVE published
August 3, 2024 Record updated