CVE-2026-5714

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

CVE-2025-31081 WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through = 4.1.5...

CVE-2022-46850

Auth. author+ Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin = 0.1.3 versions...

Improper access control

Auth. author+ Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin = 0.1.3 versions...

CVE-2022-46850 WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion

Auth. author+ Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin = 0.1.3 versions...

Enable Media Replace Plugin for WordPress < 4.0.2 Arbitrary File Upload

The WordPress Enable Media Replace Plugin installed on the remote host is affected by a arbitrary file upload vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

WordPress Enable Media Replace Plugin - Multiple Vulnerabilities

In general, impact of this plugin is information retrieval and manipulation, arbitrary code execution. More details: there exist multiple vulnerabilities in Enable Media Replace plugin for WordPress: 1. Users can perform SQL injection attacks against the plugin. 2. Users can upload arbitrary file...