Skip to main content

Enable Media Replace CVE-2026-57722

| EUVDEUVD-2026-41096 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-01 Patchstack GHSA-c8m2-cj6f-v5p6
5.9
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
5.9 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
vuln.today AI
4.8 MEDIUM

PR:H reflects editor-level authentication required to inject the payload; A:N applied because stored XSS does not disrupt service availability.

3.1 AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 18:26 vuln.today

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS.

This issue affects Enable Media Replace: from n/a through 4.2.1.

AnalysisAI

Stored cross-site scripting in the ShortPixel Enable Media Replace WordPress plugin (all versions through 4.2.1) allows an authenticated attacker with high-level privileges to inject persistent malicious scripts via the media replacement workflow, which then execute in the browser context of any WordPress user who subsequently views the affected content. The scope change confirmed by the CVSS vector (S:C) means a compromised editor-level account could be leveraged to target administrator sessions, enabling privilege escalation within the WordPress admin interface. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain WordPress editor-level credentials
Delivery
Access Media Library Replace Media feature
Exploit
Inject stored XSS payload into unvalidated input field
Install
Payload persisted in WordPress database
C2
Administrator loads affected content in browser
Execute
Injected script executes in admin browser context
Impact
Session token exfiltrated or privileged action performed

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated WordPress session with at minimum the capability to use the Enable Media Replace plugin's media replacement feature, corresponding to Editor role or higher in a default WordPress configuration (consistent with PR:H in the CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD CVSS 3.1 score of 5.9 (Medium) accurately reflects a bounded but real threat. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained WordPress editor-level credentials through phishing or credential stuffing accesses the Media Library, selects an existing media item, and uses the Replace Media feature to inject a malicious JavaScript payload into an input field that is stored without sanitization. When a site administrator later navigates to the WordPress dashboard or a page that renders the affected media metadata, the stored script executes silently in the admin's browser, potentially exfiltrating the session cookie or issuing authenticated admin API requests on the attacker's behalf.
Remediation Update the Enable Media Replace plugin to a version released after 4.2.1 once ShortPixel publishes a patched release; monitor the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/enable-media-replace/vulnerability/wordpress-enable-media-replace-plugin-4-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve for confirmation of the exact fixed version number, which is not independently confirmed in available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57722 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy