4 matches found
CVE-2023-0255
The CVE-2023-0255 entry concerns the WordPress plugin Enable Media Replace, prior to version 4.0.2. The vulnerability allows authors to upload arbitrary files to the site via the plugin, which may lead to PHP shells being uploaded on affected installations. The underlying issue is an inadequate v...
CVE-2023-6737
CVE-2023-6737 affects the WordPress plugin Enable Media Replace (all versions up to and including 4.1.4). It enables Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter due to insufficient input sanitization and escaping. Exploitation requires an attacker to craft a payload that run...
CVE-2022-2554
The CVE-2022-2554 entry concerns the WordPress plugin Enable Media Replace (versions before 4.0.0). The root cause is that renamed files are not reliably moved into the Upload folder, enabling path traversal to place files outside the Upload directory, potentially in web root. Impact stated in so...
CVE-2023-4643
CVE-2023-4643 affects the WordPress Enable Media Replace plugin prior to version 4.1.3. The vulnerability stems from the plugin unserializing user input via the Remove Background feature, which enables PHP Object Injection if a suitable gadget is present on the blog. Multiple sources (NVD/NVD-der...