What the vulnerability does
01Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly: from n/a through <= 3.2.7.
Explanation of Vulnerability in Simple Terms
02Summary
QuickWebP versions up to 3.2.7 contain a path traversal vulnerability that allows authenticated users to read, write, or delete arbitrary files on the server. An attacker with low-level access can navigate outside intended directories to access sensitive files, configuration data, or other users' content. The vulnerability affects confidentiality, integrity, and availability of the entire site.
What an attacker can do
03Attacker Capabilities
Read, write, or delete any file on the server that the web process can access.
Potential impact on your site
04Site Impact
Any authenticated user can compromise your entire site by accessing config files, database backups, or other users' data.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account (e.g., subscriber or contributor role).
Key dates
06Disclosure timeline
May 27, 2026
CVE published
May 27, 2026
Record updated