CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6737 – Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-6737
18 Dec 2023 — The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Exploiting this vulnerability requires the attacker to know the ID of an attachm... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3010103%40enable-media-replace%2Ftrunk&old=2990561%40enable-media-replace%2Ftrunk&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4643 – Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-4643
14 Sep 2023 — The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog El complemento Enable Media Replace de WordPress anterior a 4.1.3 deserializa la entrada del usuario a través de la función Remove Background, lo que podría permitir a los usuarios con permisos de autor o superiores realizar inyección de objetos PHP cuando hay un gadget adecuado presente... • https://wpscan.com/vulnerability/d9125604-2236-435c-a67c-07951a1fc5b1 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-0255 – Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-0255
17 Jan 2023 — The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. The Enable Media Replace plugin for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with author-level permissions and above, to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://github.com/codeb0ss/CVE-2023-0255-PoC • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2554 – Enable Media Replace < 4.0.0 - Admin+ Path Traversal
https://notcve.org/view.php?id=CVE-2022-2554
14 Sep 2022 — The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example El plugin Enable Media Replace de WordPress versiones anteriores a 4.0.0, no asegura que los archivos renombrados sean movidos a la carpeta Upload, lo que podría permitir a usuarios con altos privilegios, como el administrador, moverlos fuera del dir... • https://wpscan.com/vulnerability/5872f4bf-f423-4ace-b8b6-d4cc4f6ca8d9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •