CVE-2026-5714 – Enable Media Replace

CVE ID :CVE-2026-5714

Published : June 9, 2026, 3:16 a.m. | 1 hour, 18 minutes ago

Description :The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-7556 – FV Flowplayer Video Player

CVE-2026-11621 – Dcat-Admin User Setting upload editorMDUpload unrestricted upload

CVE-2026-11620 – TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation

CVE-2026-11619 – Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization