3 matches found
CVE-2023-6737 Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting
The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXELDEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-6737
CVE-2023-6737 affects the WordPress plugin Enable Media Replace (all versions up to and including 4.1.4). It enables Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter due to insufficient input sanitization and escaping. Exploitation requires an attacker to craft a payload that run...
WordPress Enable Media Replace Plugin <= 4.1.4 is vulnerable to Cross Site Scripting (XSS)
Software Enable Media Replace Type Plugin Vulnerable versions = 4.1.4 Fixed in 4.1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-6737 Patch priority Medium CVSS severity Medium 7.1 Developer ShortPixel PSID 6b527c26ad78 Credits Nex Team Required privilege...