CVE-2026-1298
Easy Replace Image <= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the `image_replacement_from_url` function that is hooked to the `eri_from_url` AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to replace arbitrary image attachments on the site with images from external URLs, potentially enabling site defacement, phishing attacks, or content manipulation.
| CWE | CWE-862 |
| Vendor | iulia-cazan |
| Product | easy replace image |
| Published | Jan 28, 2026 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for iulia-cazan easy replace image
Be the first to know when new medium vulnerabilities affecting iulia-cazan easy replace image are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
iulia-cazan / Easy Replace Image
0 โค 3.5.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/27332c13-c25f-47ec-980d-035fc35ce553?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/easy-replace-image/trunk/easy-replace-image.php#L961 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/easy-replace-image/tags/3.5.2/easy-replace-image.php#L961 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3447984%40easy-replace-image&new=3447984%40easy-replace-image&sfp_email=&sfph_mail=
Credits
Nabil Irawan