WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities
WordPress Plugin Enable Media Replace is prone to an SQL injection vulnerability and an arbitrary file upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application execute arbitrary code access or modify data or exploit latent vulnerabilities in the underlying database. WordPress Plugin Enable Media Replace version 2.3 is vulnerable other versions may also be affected.