Enable Media Replace

Vulnerabilities 11Slug enable-media-replaceLatest version 4.1.9WordPress.org →

Minimum safe version

4.1.8

Update to 4.1.8 or later to address 11 fixable vulnerabilities

Latest available4.1.9 ✓

N/A

2026-03-03< 4.1.8

Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace

Wordfence CVE

Medium 6.4

2025-10-11< 4.1.7

Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode

EUVD Wordfence CVE

High 7.1

2025-04-01< 4.1.6

CVE-2025-31081

CVE Patchstack Wordfence EUVD

Medium 6.1

2024-12-14< 4.1.5

WordPress Enable Media Replace Plugin <= 4.1.4 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

High 8.8

2023-10-16< 4.1.3

CVE-2023-4643

CVE WPScan

N/A

2023-09-15< 4.1.3

WordPress Enable Media Replace Plugin < 4.1.3 is vulnerable to PHP Object Injection

Patchstack

N/A

2023-09-14< 4.1.3

Enable Media Replace <= 4.1.2 - Authenticated(Author+) PHP Object Injection

Wordfence

High 8.8

2023-02-13< 4.0.2

CVE-2023-0255

CVE Patchstack Wordfence WPScan

N/A

< 2.4

Enable Media Replace <= 2.3 - Multiple Vulnerabilities

WPScan

Medium 4.9

2023-09-14< 4.0.0

WordPress Enable Media Replace Plugin <= 3.6.3 is vulnerable to Directory Traversal

Patchstack CVE Wordfence WPScan

N/A

2011-02-09< 2.4

WordPress Enable Media Replace Plugin - Multiple Vulnerabilities

Patchstack