A high-severity vulnerability has been identified in the WP Enable WebP plugin for WordPress, which could allow an attacker to upload malicious files to a website. Successful exploitation could lead to a complete compromise of the affected website, potentially resulting in data theft, website defacement, or the server being used for further malicious activities. Organizations using this plugin are urged to apply the recommended remediation steps immediately to mitigate this critical risk.

The vulnerability exists due to improper validation of file types within the wpse_file_and_ext_webp function of the plugin. An authenticated attacker, potentially with low-level privileges, can bypass the file type checks and upload a malicious script (e.g., a PHP web shell) disguised as an image file. Once uploaded, the attacker can navigate to the script's location on the server and execute arbitrary code with the permissions of the web server's user account, leading to Remote Code Execution (RCE).

This vulnerability presents a significant risk to the business, classified as High severity with a CVSS score of 8.8. A successful exploit could lead to a complete compromise of the web server, resulting in severe consequences such as the theft of sensitive company or customer data, financial loss, and significant reputational damage. The compromised server could also be leveraged to attack other internal systems or used as a platform for hosting phishing sites or malware, creating further legal and financial liabilities for the organization.

Immediate Action: Immediately update the WP Enable WebP plugin to the latest patched version available from the vendor (any version greater than 1). If the plugin is not essential for business operations, consider deactivating and removing it entirely to eliminate the attack surface.

Proactive Monitoring: Monitor web server access logs for unusual file upload attempts, especially for files with executable extensions (.php, .phtml, .sh) being uploaded to image or media directories. Implement File Integrity Monitoring (FIM) to detect unauthorized changes or additions to files within the web application's directories. Monitor for suspicious outbound network traffic originating from the web server, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to inspect file uploads and block malicious file types or suspicious content. Additionally, harden the web server configuration to prevent script execution in the uploads directory (e.g., using .htaccess on Apache or equivalent configurations on other servers).

Public Exploit Available: false

Given the high CVSS score of 8.8 and the critical risk of Remote Code Execution, it is strongly recommended that organizations treat this vulnerability with the highest priority. All instances of the WP Enable WebP plugin must be identified and patched immediately. The absence of a public exploit or a CISA KEV listing should not diminish the urgency of remediation, as a compromise could lead to a severe security breach.