2 matches found
CVE-2025-4279
The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'externalimagereplacegetposts::replacepost' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with...
WordPress External image replace plugin <= 1.0.8 - Authenticated (Contributor+) Arbitrary File Upload vulnerability
Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin External image replace versions = 1.0.8...