Bas Schuiling

2 exploits Active since Oct 2025
CVE-2026-2732 WRITEUP MEDIUM WRITEUP
Enable Media Replace 4.1.7 - Auth Bypass
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with Author-level access and above, to replace any attachment with a removed background attachment.
CVSS 5.4
CVE-2025-11378 WRITEUP MEDIUM WRITEUP
ShortPixel Image Optimizer - Info Disclosure
The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixel_ajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to export and import site options.
CVSS 5.4