CVE-2025-31081 — Cross-site Scripting in Enable Media Replace

CWE-79 — Cross-site Scripting CWE-126 — Buffer Over-read4 documents4 sources

Severity

7.3HIGH

No vector

EPSS

0.3%

top 50.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Shortpixel Enable Media Replace

Timeline

PublishedApr 1

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through <= 4.1.5.

Affected Packages1 packages

▶CVEListV5shortpixel/enable_media_replace4.1.5

🔴Vulnerability Details

CVEList

WordPress Enable Media Replace plugin <= 4.1.5 - Reflected Cross Site Scripting (XSS) vulnerability↗2025-04-01

▶

GHSA

GHSA-hjj5-539p-596j: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Reflected↗2025-04-01

▶

📋Vendor Advisories

Microsoft

Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice↗2024-04-09

▶