cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6737,https://securityvulnerability.io/vulnerability/CVE-2023-6737,Reflected Cross-Site Scripting Vulnerability in Enable Media Replace Plugin for WordPress,"The Enable Media Replace plugin for WordPress fails to adequately sanitize and escape user inputs, allowing unauthenticated attackers to exploit the SHORTPIXEL_DEBUG parameter. By tricking users into clicking malicious links, attackers can inject and execute arbitrary web scripts on affected sites. This vulnerability affects all versions up to and including 4.1.4, posing a substantial risk if the ID of an uploaded attachment is known to the attacker.",Wordpress,Enable Media Replace,6.1,MEDIUM,0.0005499999970197678,false,,false,false,false,,false,false,2024-01-11T08:32:57.215Z,0
CVE-2023-4643,https://securityvulnerability.io/vulnerability/CVE-2023-4643,Enable Media Replace < 4.1.3 - Author+ PHP Object Injection,"The Enable Media Replace plugin for WordPress prior to version 4.1.3 is vulnerable due to improper handling of user input through the Remove Background feature. An attacker with Author+ privileges can exploit this vulnerability to perform PHP Object Injection if a suitable gadget exists within the blog environment, potentially compromising the site's security.",Wordpress,Enable Media Replace,8.8,HIGH,0.0008399999933317304,false,,false,false,false,,false,false,2023-10-16T20:15:00.000Z,0
CVE-2023-0255,https://securityvulnerability.io/vulnerability/CVE-2023-0255,Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload,"The Enable Media Replace WordPress plugin, prior to version 4.0.2, allows unauthorized users to upload arbitrary files. This functionality can be exploited by malicious actors to upload PHP shell scripts, potentially compromising the integrity and confidentiality of the affected WordPress sites. Site administrators should consider upgrading to the latest version to mitigate the risks posed by this vulnerability.",Wordpress,Enable Media Replace,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2023-02-13T15:15:00.000Z,0
CVE-2022-2554,https://securityvulnerability.io/vulnerability/CVE-2022-2554,Enable Media Replace < 4.0.0 - Admin+ Path Traversal,"The Enable Media Replace WordPress plugin before 4.0.0 does not ensure that renamed files are moved to the Upload folder, which could allow high privilege users such as admin to move them outside to the web root directory via a path traversal attack for example",Wordpress,Enable Media Replace,4.9,MEDIUM,0.0005600000149570405,false,,false,false,false,,false,false,2022-10-10T00:00:00.000Z,0