79 matches found
CVE-2026-2732
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...
CVE-2026-2732 Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...
CVE-2026-2732
CVE-2026-2732 - Enable Media Replace (WordPress) vulnerability : Affected versions are
CVE-2026-2732
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...
CVE-2026-2732 Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with...
WordPress plugin Enable Media Replace 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-22870
Name of the Vulnerable Software and Affected Versions Enable Media Replace plugin for WordPress versions through 4.1.7 Description The Enable Media Replace plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to an insufficient capability check within the...
WordPress Enable Media Replace plugin <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace vulnerability
Improper Authorization to Authenticated Author+ Arbitrary Attachment Change via Background Replace vulnerability discovered by Or Benit - MadSec in WordPress Plugin Enable Media Replace versions = 4.1.7...
CVE-2025-9496
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2025-33820
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9496
CVE-2025-9496 affects the Enable Media Replace WordPress plugin (up to version 4.1.6). Root cause: stored XSS via the file_modified shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact: authenticated attackers withContributor+ access can inject ...
CVE-2025-9496 Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9496 Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode
The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's filemodified shortcode in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Enable Media Replace 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-41646
Name of the Vulnerable Software and Affected Versions Enable Media Replace plugin for WordPress versions up to and including 4.1.6 Description The software is susceptible to Stored Cross-Site Scripting through the file modified shortcode. Insufficient input sanitization and output escaping on...
WordPress Enable Media Replace plugin <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via filemodified Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Enable Media Replace versions = 4.1.6...
EUVD-2025-9471
Malicious code in bioql PyPI...
EUVD-2023-12336
Malicious code in bioql PyPI...
EUVD-2022-49631
Malicious code in bioql PyPI...
EUVD-2023-54495
Malicious code in bioql PyPI...