Headline

CVE-2022-29430: PNG to JPG

Cross-Site Scripting (XSS) vulnerability in KubiQ’s PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.

2 years ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #wordpress

Details
Reviews
Installation
Support
Development

Convert PNG images to JPG, free up web space and speed up your webpage

set quality of converted JPG
auto convert on upload
auto convert on upload only when PNG has no transparency
only convert image if JPG filesize is lower than PNG filesize
leave original PNG images on the server
convert existing PNG image to JPG
bulk convert existing PNG images to JPG
conversion statistics

Upload png-to-jpg directory to the /wp-content/plugins/ directory
Activate the plugin through the ‘Plugins’ menu in WordPress

Best work, fast speed when png convert to jpg

I had a client site where the developers used ALL PNG IMAGES and it was SLOW. Thank you for this awesome plugin you saved me a ton of time not having to convert manually & re-upload via GIMP!

Easy to use and efficient. The bulk convert page loads fast, the images were generated and replaced neatly. I saved over 80MB converting approximately 350 PNGs, and this was only a test run. Lovely plugin!

The plugin converts the format and replaces the address in the database well and without any problems. Be sure to back up before use to avoid problems

I used it on WordPress 5.7.1. The plugin does what it should do. Converting 200 images took about 3 minutes. I hope it will be updated soon. Using old plugins is always a bit scary.

Плагин нашел лишь малую часть моих PNG. Затем заменил полноразмерные png на jpg при этом они все исчезли из тех записей где стояли. Также (!) уменьшенные варианты этих же изображений ОН ОСТАВИЛ В ТОМ ЖЕ ФОРМАТЕ PNG. Таким образом были убиты самые большие PNG и больше ничего не изменилось. Я это делал птому что у меня есть backup сайта 🙂

Read all 32 reviews

“PNG to JPG” is open source software. The following people have contributed to this plugin.

Contributors

kubiq

4.1

added nonce and security checks
added button to stop transparency detection or conversion process
removed DB prefix from notice table names to make it more readable
remove preview box flex centering to make it works with bigger images
auto delete PNG backup when JPG deleted in admin

4.0

replace images also in post_excerpt
separate SQL queries
added support for FV Player plugin

3.9.1

tested on WP 5.9
check if file really exists and if has .png extension

3.9

fix transparency default state

3.8

tested on WP 5.4
save transparency meta and load it instantly next time
image viewer – background switch
image viewer – centered image
image viewer – highlight image borders and show image size on hover

3.7

do not run second transparency detection if first one return true

3.6

metadata update fix

3.5

added support for Broken Link Checker plugin ( blc_instances, blc_links )

3.4

replace image url also in these database tables: yoast_seo_links, revslider_static_slides

3.3

tested on WP 5.2
handle duplicate names like WP – adding increment
optimizing code for faster processing

3.2

added support for Fancy Product Designer plugin

3.1

tested on WP 5.0
small cosmetic code changes

3.0

new option: convert only if JPG will have lower filesize then PNG
new feature: show converted images statistics
fix: conflict when there is already JPEG with a same name as PNG
fix: conflict when PNG name is part of another PNG name ( eg. ‘xyz.png’ can rename also ‘abcxyz.png’ )
optimized for translations

2.6