3 matches found
CVE-2023-0255
The CVE-2023-0255 entry concerns the WordPress plugin Enable Media Replace, prior to version 4.0.2. The vulnerability allows authors to upload arbitrary files to the site via the plugin, which may lead to PHP shells being uploaded on affected installations. The underlying issue is an inadequate v...
CVE-2022-2554
The CVE-2022-2554 entry concerns the WordPress plugin Enable Media Replace (versions before 4.0.0). The root cause is that renamed files are not reliably moved into the Upload folder, enabling path traversal to place files outside the Upload directory, potentially in web root. Impact stated in so...
CVE-2023-4643
CVE-2023-4643 affects the WordPress Enable Media Replace plugin prior to version 4.1.3. The vulnerability stems from the plugin unserializing user input via the Remove Background feature, which enables PHP Object Injection if a suitable gadget is present on the blog. Multiple sources (NVD/NVD-der...