WordPress Plugin Vulnerabilities

Enable Media Replace < 4.1.8 - Author+ Arbitrary Attachment Change via Background Replace

Description

The plugin is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function. This makes it possible for authenticated attackers, with Author-level access and above, to replace any attachment with a removed background attachment.

Affects Plugins

Plugin icon
enable-media-replace
Fixed in 4.1.8

References

CVE
CVE-2026-2732
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5f2dc8-67f7-4dbf-8631-f434522f1b53

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Or Benit
Verified
No
WPVDB ID
5249c96d-23b7-4e9a-b988-bbee4369a3d0

Timeline

Publicly Published
2026-03-03 (about 2 months ago)
Added
2026-03-03 (about 2 months ago)
Last Updated
2026-03-03 (about 2 months ago)

Other

Published
Title
Published
2025-07-29
Title
Bookify < 1.0.10 - Authenticated (Subscriber+) Privilege Escalation
Published
2022-09-26
Title
miniOrange Discord Integration < 2.1.6 - Subscriber+ App Disabling
Published
2025-01-15
Title
Ksher < 1.1.3 - Missing Authorization
Published
2025-01-06
Title
WP Menu Image < 2.3 - Unauthenticated Menu Image Deletion
Published
2026-02-06
Title
PublishPress Authors < 4.11.0 - Missing Authorization