Vulnerabilities and security researches forexternal-image-replace external-image-replace

Mar 26, 2025

CVE, Research URL: CVE-2025-30535
Home page URL: Security reports for External image replace
Application: External image replace
Date: Mar 24, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in muro External image replace allows Cross Site Request Forgery. This issue affects External image replace: from n/a through 1.0.8.
Affected versions: Min -, max -.
Status: vulnerable

May 06, 2025

CVE, Research URL: CVE-2025-4279
Home page URL: Security reports for External image replace
Application: External image replace
Date: May 06, 2025
Research Description: The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable