Shortpixel Enable_media_replace
4 CVEs affecting Shortpixel Enable_media_replace. Latest disclosed: 2024-01-11. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4643 | High | 8.8 | 2023-10-16 | The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PH… |
CVE-2023-0255 | High | 8.8 | 2023-02-13 | The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP… |
CVE-2022-2554 | Medium | 4.9 | 2022-10-10 | The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege user… |
CVE-2023-6737 | Medium | 4.7 | 2024-01-11 | The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and inc… |