CVE-2021-24644

November 24, 2021

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue

Summary:

The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue

Reference Links(if available):

  • https://wpscan.com/vulnerability/5a363eeb-9510-4535-97e2-9dfd3b10d511

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image

    [BLACKSUIT] – Ransomware Victim: dezinecorp[.]com

    November 11, 2024
    image

    [HUNTERS] – Ransomware Victim: Amourgis & Associates

    November 11, 2024
    image

    [HUNTERS] – Ransomware Victim: Dietzgen Corporation

    November 11, 2024
    Cobalt Strike

    Cobalt Strike Beacon Detected – 156[.]238[.]227[.]43:80

    November 11, 2024
    Cobalt Strike

    Cobalt Strike Beacon Detected – 8[.]134[.]166[.]14:443

    November 11, 2024