cleantalk
Vulnerabilities and Security Researches

Enable Media Replace, PSC-2026-64661

PSC, Research URL

PSC-2026-64661

Home page URL

Security reports for Enable Media Replace

Application

Enable Media Replace

Published on
May 26, 2026
Research Description
Media replacement plugins work directly with the WordPress upload directory, attachment records, file names, MIME types, and references embedded across posts and pages. That makes them operationally useful, but also security-sensitive: insufficient checks can lead to arbitrary file upload, unauthorized file overwrite, path manipulation, or integrity damage to existing content. Enable Media Replace version 4.1.9 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64661, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for media management and file replacement plugins.
Affected versions
Min 4.1.9, max 4.1.9.
Status
SAFE & CERTIFIED
Previous vulnerability researches
Enable Media Replace , May 26, 2026
Enable Media Replace (CVE-2026-2732) , Apr 14, 2026
Enable Media Replace (CVE-2023-0255) , Jun 06, 2024
Enable Media Replace (CVE-2023-6737) , Jun 06, 2024
Enable Media Replace (998cd782c633045e5da1cdac6b7b7cd2ce8eb0d2) , Jun 06, 2024
New vulnerability
WP Activity Log (CVE-2026-45435) , May 26, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2026-48837) , May 26, 2026
Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode , May 26, 2026
Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels , May 26, 2026
Enable Media Replace , May 26, 2026