Unknown Enable Media Replace vulnerabilities
3 known vulnerabilities affecting unknown/enable_media_replace.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2023-4643 | HIGH | CVSS 8.8 | CWE-502 | fixed in 4.1.3 | 2023-10-16
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog.
Sources: cvelistv5, nvd
CVE-2023-0255 | HIGH | CVSS 8.8 | CWE-434 | fixed in 4.0.2 | 2023-02-13
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
Sources: cvelistv5, nvd
CVE-2022-2554 | MEDIUM | CVSS 4.9 | CWE-22 | ≥ 4.0.0, < 4.0.0 | 2022-10-10
The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack, for example.
Sources: cvelistv5, nvd