Convert WebP & AVIF Quicq WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in the Convert WebP & AVIF Quicq WordPress plugin, specifically in versions through 2.0.0. The issue arises from a lack of proper capability checks on the 'wp_ajax_wpqai_disconnect_quicq_afosto' AJAX endpoint. This flaw allows authenticated attackers with Subscriber-level access and above to disconnect Afosto, leading to unauthorized modification of data.

Impact

Exploitation of this vulnerability allows for unauthorized disconnection of Afosto, potentially disrupting services or functionalities associated with it.

Added: Nov 13, 2025, 9:18 AM

Updated: Nov 13, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Convert WebP & AVIF Quicq WordPress Plugin Missing Authorization Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating