WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities - Vulnerability Database

WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities

Critical
Reference: No Reference
Title: WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities
Overview:

WordPress Plugin Enable Media Replace is prone to an SQL injection vulnerability and an arbitrary file upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application execute arbitrary code access or modify data or exploit latent vulnerabilities in the underlying database. WordPress Plugin Enable Media Replace version 2.3 is vulnerable other versions may also be affected.