VYPR

External Image Replace

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-4279HigMay 5, 2025
    risk 0.57cvss 8.8epss 0.01

    The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated…

  • CVE-2025-30535MedMar 24, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in muro External image replace external-image-replace allows Cross Site Request Forgery.This issue affects External image replace: from n/a through <= 1.0.8.