Shortpixel Enable Media Replace — known CVE vulnerabilities
Every CVE whose affected-product data names Shortpixel Enable Media Replace, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-0255 — CVSS 8.8 (high): The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow…
CVE-2023-4643 — CVSS 8.8 (high): The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+…
CVE-2022-2554 — CVSS 4.9 (medium): The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow…
CVE-2023-6737 — CVSS 4.7 (medium): The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all…