Primary

Context

WebP Express WordPress Plugin Information Exposure Vulnerability

Vulnerability

A vulnerability allowing information exposure through configuration files has been identified in the WebP Express plugin for WordPress, affecting all versions up to and including 0.25.9. The issue arises because the plugin fails to adequately randomize the names of configuration files, leaving them accessible on NGINX. This flaw enables unauthenticated attackers to retrieve sensitive configuration data.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive configuration information.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Dec 4, 2025, 5:20 AM

Updated: Dec 4, 2025, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.6

remediation

0.0

relevance

1.4

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WebP Express WordPress Plugin Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WebP Express

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating