CVE-2023-0255: Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
First published: Mon Feb 13 2023(Updated: )
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shortpixel Enable Media Replace | <4.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-0255?
CVE-2023-0255 is a vulnerability found in the Enable Media Replace WordPress plugin before version 4.0.2.
What is the severity of CVE-2023-0255?
CVE-2023-0255 has a severity score of 8.8, classified as high.
How does CVE-2023-0255 affect software?
CVE-2023-0255 affects the Shortpixel Enable Media Replace WordPress plugin up to version 4.0.2.
What is the description of CVE-2023-0255?
CVE-2023-0255 allows authors to upload arbitrary files to the site, potentially enabling them to upload PHP shells on affected sites.
How can I fix CVE-2023-0255?
To fix CVE-2023-0255, update the Enable Media Replace WordPress plugin to version 4.0.2 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/shortpixel
- canonical/shortpixel enable media replace