CVE-2023-0255

Published: Feb 13, 2023Modified: Mar 21, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

Affected (1)

Products: Shortpixel: Enable Media Replace

Shortpixel

1 product

Enable Media Replace

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Shortpixel Enable Media Replace	Before 4.0.2

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/b0239208-1e23-4774-9b8c-9611704a07a0

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/b0239208-1e23-4774-9b8c-9611704a07a0

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.