Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29430: PNG to JPG

Cross-Site Scripting (XSS) vulnerability in KubiQ’s PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.

CVE
#sql#xss#csrf#vulnerability#web#wordpress
  • Details
  • Reviews
  • Installation
  • Support
  • Development

Convert PNG images to JPG, free up web space and speed up your webpage

  • set quality of converted JPG
  • auto convert on upload
  • auto convert on upload only when PNG has no transparency
  • only convert image if JPG filesize is lower than PNG filesize
  • leave original PNG images on the server
  • convert existing PNG image to JPG
  • bulk convert existing PNG images to JPG
  • conversion statistics
  1. Upload png-to-jpg directory to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

Best work, fast speed when png convert to jpg

I had a client site where the developers used ALL PNG IMAGES and it was SLOW. Thank you for this awesome plugin you saved me a ton of time not having to convert manually & re-upload via GIMP!

Easy to use and efficient. The bulk convert page loads fast, the images were generated and replaced neatly. I saved over 80MB converting approximately 350 PNGs, and this was only a test run. Lovely plugin!

The plugin converts the format and replaces the address in the database well and without any problems. Be sure to back up before use to avoid problems

I used it on WordPress 5.7.1. The plugin does what it should do. Converting 200 images took about 3 minutes. I hope it will be updated soon. Using old plugins is always a bit scary.

Плагин нашел лишь малую часть моих PNG. Затем заменил полноразмерные png на jpg при этом они все исчезли из тех записей где стояли. Также (!) уменьшенные варианты этих же изображений ОН ОСТАВИЛ В ТОМ ЖЕ ФОРМАТЕ PNG. Таким образом были убиты самые большие PNG и больше ничего не изменилось. Я это делал птому что у меня есть backup сайта 🙂

Read all 32 reviews

“PNG to JPG” is open source software. The following people have contributed to this plugin.

Contributors

  • kubiq

4.1

  • added nonce and security checks
  • added button to stop transparency detection or conversion process
  • removed DB prefix from notice table names to make it more readable
  • remove preview box flex centering to make it works with bigger images
  • auto delete PNG backup when JPG deleted in admin

4.0

  • replace images also in post_excerpt
  • separate SQL queries
  • added support for FV Player plugin

3.9.1

  • tested on WP 5.9
  • check if file really exists and if has .png extension

3.9

  • fix transparency default state

3.8

  • tested on WP 5.4
  • save transparency meta and load it instantly next time
  • image viewer – background switch
  • image viewer – centered image
  • image viewer – highlight image borders and show image size on hover

3.7

  • do not run second transparency detection if first one return true

3.6

  • metadata update fix

3.5

  • added support for Broken Link Checker plugin ( blc_instances, blc_links )

3.4

  • replace image url also in these database tables: yoast_seo_links, revslider_static_slides

3.3

  • tested on WP 5.2
  • handle duplicate names like WP – adding increment
  • optimizing code for faster processing

3.2

  • added support for Fancy Product Designer plugin

3.1

  • tested on WP 5.0
  • small cosmetic code changes

3.0

  • new option: convert only if JPG will have lower filesize then PNG
  • new feature: show converted images statistics
  • fix: conflict when there is already JPEG with a same name as PNG
  • fix: conflict when PNG name is part of another PNG name ( eg. ‘xyz.png’ can rename also ‘abcxyz.png’ )
  • optimized for translations

2.6

  • rename PNG image if JPG with the same name already exists

2.5

  • BUG FIXED – disabled checkboxes when autodetect is disabled

2.4

  • now you can disable autodetect PNG transparency

2.3

  • WP 4.9.1 compatibility check
  • new compatibility with Toolset Types

2.2

  • Repair revslider database table detection

2.1

  • Added option to leave original PNG image on server after conversion
  • Repair SQL replacement query

2.0

  • Replace image and thumbnails extension in database tables
  • Moved from Settings to Tools submenu
  • Some small fixes

1.2

  • Fix generating background for transparent images (thanks @darkcobalt)

1.1

  • Fix PNG transparency detection

1.0

  • First version

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907