Shortpixel Enable_media_replace

4 CVEs affecting Shortpixel Enable_media_replace. Latest disclosed: 2024-01-11. Critical: 0, High: 2.

Top CVEs affecting Shortpixel Enable_media_replace
CVESeverityScorePublishedSummary
CVE-2023-4643High8.82023-10-16The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PH…
CVE-2023-0255High8.82023-02-13The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP…
CVE-2022-2554Medium4.92022-10-10The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege user…
CVE-2023-6737Medium4.72024-01-11The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and inc…