cleantalk
Vulnerabilities and Security Researches

Enable Media Replace, df3e2fab6a5af3b9e0d27a3576fbf0a2a4fd63ea

CVE, Research URL

df3e2fab6a5af3b9e0d27a3576fbf0a2a4fd63ea

Home page URL

Security reports for Enable Media Replace

Application

Enable Media Replace

Published on
Sep 14, 2023
Research Description
Enable Media Replace [enable-media-replace] < 4.1.3 Enable Media Replace <= 4.1.2 - Authenticated(Author+) PHP Object Injection The Enable Media Replace plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.1.2 via deserialization of untrusted input in post content. This allows authenticated attackers with editor capabilities or above to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
max 4.1.3.
Status
vulnerable
Previous vulnerability researches
Enable Media Replace , May 26, 2026
Enable Media Replace (2071476a-d6de-4035-82e5-a85f73f3e3d3) , Jun 16, 2026
Enable Media Replace (df3e2fab6a5af3b9e0d27a3576fbf0a2a4fd63ea) , Jun 16, 2026
Enable Media Replace (f4b1dd6a3e69c6d6edbf516b825332a3724c8798) , Jun 16, 2026
Enable Media Replace (CVE-2026-2732) , Apr 14, 2026
New vulnerability
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-54825) , Jun 24, 2026
Interactive Content – H5P (CVE-2026-56006) , Jun 24, 2026
Transbank Webpay REST (CVE-2026-6858) , Jun 24, 2026
ProfileGrid – User Profiles, Memberships, Groups and Communities (CVE-2026-4610) , Jun 24, 2026
Paymob for WooCommerce (CVE-2026-56025) , Jun 24, 2026