Lucene search
K
ShortpixelEnable Media Replace

4 matches found

CVE
CVE
added 2023/02/13 2:32 p.m.105 views

CVE-2023-0255

The CVE-2023-0255 entry concerns the WordPress plugin Enable Media Replace, prior to version 4.0.2. The vulnerability allows authors to upload arbitrary files to the site via the plugin, which may lead to PHP shells being uploaded on affected installations. The underlying issue is an inadequate v...

8.8CVSS8.8AI score0.01096EPSS
Web
CVE
CVE
added 2024/01/11 8:32 a.m.95 views

CVE-2023-6737

CVE-2023-6737 affects the WordPress plugin Enable Media Replace (all versions up to and including 4.1.4). It enables Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter due to insufficient input sanitization and escaping. Exploitation requires an attacker to craft a payload that run...

6.1CVSS6.2AI score0.00493EPSS
CVE
CVE
added 2022/10/10 12:0 a.m.62 views

CVE-2022-2554

The CVE-2022-2554 entry concerns the WordPress plugin Enable Media Replace (versions before 4.0.0). The root cause is that renamed files are not reliably moved into the Upload folder, enabling path traversal to place files outside the Upload directory, potentially in web root. Impact stated in so...

4.9CVSS5AI score0.00781EPSS
Web
CVE
CVE
added 2023/10/16 7:38 p.m.55 views

CVE-2023-4643

CVE-2023-4643 affects the WordPress Enable Media Replace plugin prior to version 4.1.3. The vulnerability stems from the plugin unserializing user input via the Remove Background feature, which enables PHP Object Injection if a suitable gadget is present on the blog. Multiple sources (NVD/NVD-der...

8.8CVSS8.9AI score0.00837EPSS
Web