VYPR

Enable Media Replace

by Shortpixel

Source repositories

CVEs (3)

  • CVE-2025-31081HigApr 1, 2025
    risk 0.39cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through <= 4.1.5.

  • CVE-2023-6737MedJan 11, 2024
    risk 0.31cvss 4.7epss 0.00

    The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2026-2732MedMar 4, 2026
    risk 0.28cvss 5.4epss 0.00

    The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated…