CVE-2023-0255

HIGH

Enable Media Replace <4.0.2 - Code Injection

Title source: llm

Description

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

Exploits (1)

inthewild

poc

https://github.com/codeb0ss/cve-2023-0255-poc

View on inthewild

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/b0239208-1e23-4774-9b8c-9611704a07a0

Scores

CVSS v3 8.8

EPSS 0.0139

EPSS Percentile 80.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

shortpixel/enable_media_replace < 4.0.2

Published Feb 13, 2023

Tracked Since Feb 18, 2026