Unauthorized Data Modification in Enable Media Replace Plugin for WordPress
CVE-2026-2732
5.4MEDIUM
What is CVE-2026-2732?
The Enable Media Replace plugin for WordPress contains a vulnerability that allows authenticated users with Author-level access and above to replace any attachment due to inadequate capability checks in the 'RemoveBackGroundViewController::load' function. This flaw, present in all versions up to and including 4.1.7, can result in unauthorized modification of critical data, impacting the integrity of the content on affected sites.
Affected Version(s)
Enable Media Replace 0 <= 4.1.7