{"id":"CVE-2026-2732","details":"The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up to, and including, 4.1.7. This makes it possible for authenticated attackers, with Author-level access and above, to replace any attachment with a background-removed attachment.","modified":"2026-03-15T22:52:33.146713Z","published":"2026-03-04T07:16:14.577Z","references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/enable-media-replace/tags/4.1.7/classes/ViewController/RemoveBackgroundViewController.php#L35"},{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/enable-media-replace/tags/4.1.7/classes/ViewController/RemoveBackgroundViewController.php#L68"},{"type":"WEB","url":"https://plugins.trac.wordpress.org/changeset/3473504/enable-media-replace#file26"},{"type":"WEB","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5f2dc8-67f7-4dbf-8631-f434522f1b53?source=cve"},{"type":"FIX","url":"https://github.com/short-pixel-optimizer/enable-media-replace/commit/8ca282e68e5fcf8a8e4cecc1f0ab192c42b1dc66"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/short-pixel-optimizer/enable-media-replace","events":[{"introduced":"0"},{"fixed":"8ca282e68e5fcf8a8e4cecc1f0ab192c42b1dc66"}]}],"versions":["v3.3.10","v3.3.11","v3.3.12","v3.3.2","v3.3.4","v3.3.5","v3.3.6","v3.3.7","v3.3.8","v3.3.9","v3.4.0","v3.4.1","v3.4.2","v3.5.0","v3.6.0","v3.6.1","v3.6.2","v3.6.3","v4.0.0","v4.0.1","v4.0.2","v4.0.3","v4.1.0","v4.1.1","v4.1.2","v4.1.3","v4.1.4","v4.1.5","v4.1.6","v4.1.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2732.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}]}