CVE-2026-2732

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...

PT-2026-22870

Name of the Vulnerable Software and Affected Versions Enable Media Replace plugin for WordPress versions through 4.1.7 Description The Enable Media Replace plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to an insufficient capability check within the...

WordPress Easy Replace Image plugin <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Attachment Replacement vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Easy Replace Image versions = 3.5.2...

GHSA-HVP4-VRV2-8WRQ Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

PHPOK SQL注入漏洞

phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. PhpOK 5.4.137 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability by injecting attachment data via SQL and then calling the attachment...