I must say, I am a bit annoyed.
It is almost 2026, the support for uploading WebP is in wp-core since 5.8 was released, that is July 2021 and a lot of important features were never included, such as image conversion and fallback for old browsers.
I had been using WebP Express to fill this void and ran into this today: https://wpscan.com/vulnerability/23f7e550-80b9-4099-9915-9f4c96c5e89e/
That’s a serious vulnerability to have for 15+ days. So…I just removed that package from my list and will go back to converting the files before uploading or…I don’t know.
Lucklily I am using a pretty secure hosting :happy-emoji-just-imagine-the-emoji-OK?: and the checks after fixing the issue is easy.
Rant over.
(EDIT: Fixed in 0.25.14)
Leave a Reply