Skip to content
Medium Published: Dec 17, 2025

CVE-2025-13750

4.3 CVSS Score Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Export CVE-2025-13750 Data:
Share:
Link copied!

Description

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `/webp-converter/v1/regenerate-attachment` REST endpoint in all versions up to, and including, 6.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete optimized WebP/AVIF variants for arbitrary attachments.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Weaknesses (CWE)

  • CWE-862

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2005-3623 CVSS 0 Same weakness: CWE-862 CVE-2006-4483 CVSS 0 Same weakness: CWE-862 CVE-2008-6548 CVSS 0 Same weakness: CWE-862 CVE-2009-2282 CVSS 0 Same weakness: CWE-862 CVE-2009-3168 CVSS 7.2 Same weakness: CWE-862

CVE History Timeline

Dec 17, 2025 07:15 New CVE Received
← Back to CVE Tracker