Description
The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with Author-level access and above, to replace any attachment with a removed background attachment.
Published: 2026-03-04
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper Authorization allowing an authenticated Author or higher to arbitrarily replace media attachments with versions that have their background removed
Action: Patch
AI Analysis

Impact

The Enable Media Replace plugin suffers from an improper capability check in the RemoveBackGroundViewController::load function. Because of this flaw, an authenticated user with Author level access or higher can invoke the background replacement routine on any attachment, resulting in the original media file being overwritten with a background‑removed variant. This allows a legitimate contributor or attacker to modify or destroy content that they should not be able to alter, potentially causing integrity violations and loss of media assets.

Affected Systems

All installations of the Enable Media Replace WordPress plugin from ShortPixel that are at version 4.1.7 or earlier are affected. The plugin is commonly used on WordPress sites that manage media libraries and provide background removal features.

Risk and Exploitability

The flaw is rated with a CVSS score of 5.4, indicating moderate severity. The EPSS score is less than 1%, suggesting a very low probability of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated session with Author or higher capabilities; unauthenticated attackers cannot trigger the vulnerability. Therefore, the attack vector is credential‑based, with the potential impact limited to the scope of the attacker’s privileges but still allowing significant content tampering.

Generated by OpenCVE AI on April 15, 2026 at 20:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Enable Media Replace plugin to the latest released version, which removes the improper capability check.
  • If an immediate update is not feasible, disable the background replacement feature in the plugin’s settings to prevent the function from being invoked by any user.
  • Monitor attachment changes in the media library for unexpected replacements or modifications, and audit users with Author or higher roles for suspicious activity.
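As an added illustration that is not the plugin's code, the pattern behind the CWE-862 finding described above and the update/monitor recommendations: a handler that acts on a request-supplied attachment ID with only a login check, beside a hardened form that checks a nonce and the per-attachment capability, plus a logging hook for the monitoring step. Function names, the nonce action and the hook assumption are hypothetical.

```php
<?php
// Added illustration of the CWE-862 pattern; hypothetical names, not the
// plugin's code. Shows a handler that trusts a request-supplied attachment
// ID next to one that enforces the per-attachment capability.

// Weak pattern: being logged in is the only gate, so an Author can target
// any attachment ID, including media owned by other users.
function emr_example_weak_load() {
    $attachment_id = (int) ( $_GET['attachment_id'] ?? 0 );
    if ( ! is_user_logged_in() ) {
        wp_die( 'Login required.', '', array( 'response' => 401 ) );
    }
    // ... overwrite the file behind $attachment_id with a processed copy ...
    return $attachment_id;
}

// Hardened pattern: a nonce bound to the target ID, a post-type check, and
// the object-level 'edit_post' capability. For attachments WordPress maps
// 'edit_post' via map_meta_cap() to edit_others_posts when the current user
// is not the owner, which the Author role lacks.
function emr_example_hardened_load() {
    $attachment_id = (int) ( $_GET['attachment_id'] ?? 0 );
    $nonce         = sanitize_text_field( $_GET['_wpnonce'] ?? '' );

    if ( ! wp_verify_nonce( $nonce, 'emr_example_load_' . $attachment_id ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }
    if ( 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_die( 'Not an attachment.', '', array( 'response' => 400 ) );
    }
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_die( 'Not allowed to modify this attachment.', '', array( 'response' => 403 ) );
    }
    // Only now overwrite the file behind $attachment_id.
    return $attachment_id;
}

// Detection aid for the "monitor attachment changes" recommendation: log
// whenever the attached file path is changed through update_attached_file().
// Assumption: the replacement path calls that core function; replacements
// that write the file in place without it will not be seen here.
add_filter( 'update_attached_file', function ( $file, $attachment_id ) {
    error_log( sprintf(
        'attachment %d file changed to %s by user %d',
        $attachment_id, $file, get_current_user_id()
    ) );
    return $file;
}, 10, 2 );
```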


Advisories

No advisories yet.

History

Wed, 04 Mar 2026 16:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 04 Mar 2026 15:00:00 +0000

Type: First Time appeared
Values Added: Shortpixel; Shortpixel enable Media Replace; Wordpress; Wordpress wordpress
Type: Vendors & Products
Values Added: Shortpixel; Shortpixel enable Media Replace; Wordpress; Wordpress wordpress

Wed, 04 Mar 2026 06:30:00 +0000

Type: Description
Values Added: The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with Author-level access and above, to replace any attachment with a removed background attachment.
Type: Title
Values Added: Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitrary Attachment Change via Background Replace
Type: Weaknesses
Values Added: CWE-862
Type: References
Type: Metrics (cvssV3_1)
Values Added: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:43:53.355Z

Reserved: 2026-02-19T06:33:05.462Z

Link: CVE-2026-2732

Vulnrichment

Updated: 2026-03-04T15:03:18.652Z

NVD

Status : Awaiting Analysis

Published: 2026-03-04T07:16:14.577

Modified: 2026-03-04T18:08:05.730

Link: CVE-2026-2732

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T20:15:13Z

Weaknesses