CVE Catalog

CVE-2026-57722

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

The Enable Media Replace WordPress plugin contains a stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during page generation. This affects versions from n/a through 4.2.1.

Risk Assessment

An attacker can inject a malicious script that executes in administrators' browsers, potentially leading to session theft, content manipulation, or further privilege escalation within WordPress.

Recommendation

Immediately update the Enable Media Replace plugin to version 4.2.2 or later, which includes a fix for the XSS vulnerability.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS