4 matches found
CVE-2025-9496
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9496
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9496
CVE-2025-9496 affects the Enable Media Replace WordPress plugin (up to version 4.1.6). Root cause: stored XSS via the file_modified shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact: authenticated attackers withContributor+ access can inject ...
CVE-2025-9496 Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...