CVE-2026-57722
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
The Enable Media Replace WordPress plugin contains a stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during page generation. This affects versions from n/a through 4.2.1.
Risk Assessment
An attacker can inject a malicious script that executes in administrators' browsers, potentially leading to session theft, content manipulation, or further privilege escalation within WordPress.
Recommendation
Immediately update the Enable Media Replace plugin to version 4.2.2 or later, which includes a fix for the XSS vulnerability.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1.

