[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1wpgWNaNAjPfgceJvg0rXokKX4zUmBAZnmQvgz0XeLc":3,"$fp_Lxr--st7YDAJxxmwB5N0V50YobxBIMUH9JpOYYKSo":279,"$f4d0BoL0TCIvQmHKvOAYTR7JUucm9FVzr0R8d_hW1n6I":284},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":51,"crawl_stats":39,"alternatives":59,"analysis":171,"fingerprints":254},"easy-media-replace","Easy Media Replace","0.2.0","Nabil Lemsieh","https:\u002F\u002Fprofiles.wordpress.org\u002Fnlemsieh\u002F","\u003Cp>Easy Media Replace allows you to replace images and media files easily while retaining the attachment URL and ID. No more delete, re-upload, and search-replace.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy to use.\u003C\u002Fli>\n\u003Cli>Drag and drop file uploading.\u003C\u002Fli>\n\u003Cli>Replace images, PDF, videos, audios, and all media files.\u003C\u002Fli>\n\u003Cli>Regerenate thumbnails (no plugin required).\u003C\u002Fli>\n\u003Cli>Don’t leave your page: Upload and replace files directly within current page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once you activated the plugin, you will see a “Replace” button\u002Flink in Media Library page and dialog (see screenshots below).\u003C\u002Fp>\n","Replace Images and Media Files in WordPress Easily and Quickly.",1000,20578,80,8,"2023-04-25T00:48:00.000Z","6.2.9","4.0","5.4",[20,21,22,23,24],"image","picture","replace","replace-file","replace-image","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-media-replace\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-media-replace.0.2.0.zip",84,1,0,"2023-03-28 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2022-46850","easy-media-replace-authenticated-author-arbitrary-file-deletion","Easy Media Replace \u003C= 0.1.3 - Authenticated (Author+) Arbitrary File Deletion","The Easy Media Replace plugin for WordPress is vulnerable to arbitrary file deletion due to file path validation in the replace function in versions up to, and including, 0.1.3. This makes it possible for author-level attackers to delete arbitrary files on the affected site's server. File deletion is limited to files of the same mime type the attacker can upload.",null,"\u003C=0.1.3","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Missing Authorization","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fabb4af63-37fe-49b7-8f70-ac9c7e47e939?source=api-prod",301,[],false,{"slug":52,"display_name":7,"profile_url":8,"plugin_count":53,"total_installs":54,"avg_security_score":55,"avg_patch_time_days":56,"trust_score":57,"computed_at":58},"nlemsieh",4,29700,95,61,85,"2026-05-19T22:12:28.605Z",[60,85,110,132,153],{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":80,"download_link":81,"security_score":82,"vuln_count":83,"unpatched_count":29,"last_vuln_date":84,"fetched_at":31},"enable-media-replace","Enable Media Replace","4.1.8","ShortPixel","https:\u002F\u002Fprofiles.wordpress.org\u002Fshortpixel\u002F","\u003Cp>\u003Cstrong>A free, lightweight and easy to use plugin that allows you to seamlessly replace an image or file in your Media Library by uploading a new file in its place. No more deleting, renaming and re-uploading files! Now fully compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Famazon-s3-and-cloudfront\u002F\" rel=\"ugc\">WP Offload Media!\u003C\u002Fa>\u003Cbr \u002F>\nNew beta feature! You can now remove the background of your images for better integration with eCommerce solutions!\u003Cbr \u002F>\nSupported by the friendly team that created \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel\u003C\u002Fa>  🙂\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>A real timesaver\u003C\u002Fh4>\n\u003Cp>Don’t you find it tedious and complicated to first delete a file and then upload another one with the exact same name every time you want to update an image or other uploaded file in the WordPress media library?\u003C\u002Fp>\n\u003Cp>Well, no longer!\u003C\u002Fp>\n\u003Cp>Now you can replace any uploaded file in the Edit Media view, where it should be. Replacing Media can be done in two ways:\u003C\u002Fp>\n\u003Ch4>It’s simple to replace a file\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Simply replace the file. This option requires you to upload a file of the same type as the file you want to replace. The attachment name remains the same regardless of what the file you upload is called.\u003C\u002Fli>\n\u003Cli>Replace the file, use the new file name, and update all links. If you check this option, the old file will be replaced with the name and type of the file you are uploading. All links pointing to the current file will be updated to point to the new file name. Additional options for the folder to put the new file in or the date of the new file are also available on the replace screen.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin is very powerful and a must-have for all major websites built with WordPress. It also offers a preview of the replaced image!\u003C\u002Fp>\n\u003Ch4>New beta feature: You can now remove the background of any image!\u003C\u002Fh4>\n\u003Cp>Similar to replacing media, you can also remove the background of the images from the Media Library! The background removal feature sends the images to ShortPixel’s API, removes the background and sends them back in a preview window. If everything looks good, just replace the image with the one that has the background removed! If the source image is a PNG file, you will get a transparent background, while the other images default to a solid white background. You also have the option to choose a different color with an embedded color picker.\u003Cbr \u002F>\nThe background removal feature is still in beta and will be free of charge for a reasonable usage.\u003C\u002Fp>\n\u003Cp>If you don’t want to use the background removal feature, add this line to your theme’s functions.php file, or use a plugin like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-snippets\u002F\" rel=\"ugc\">Code Snippets\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter( 'emr\u002Ffeature\u002Fbackground', '__return_false' );```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A similar filter, for the remote notification system is:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter( 'emr\u002Ffeature\u002Fremote_notice', '__return_false' );```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To shorten the wait time before redirecting to the media editing screen, use the following filter and specify the wait time in seconds (0 means that redirection is immediate, but may cause problems in certain configurations):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter('emr\u002Fsuccess\u002Ftimeout', function () { return 3; });```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Show file modification time\u003C\u002Fh4>\n\u003Cp>There is a shortcode that takes the file modification date and displays it in a post or on a page. The code is:\u003Cbr \u002F>\n    [file_modified id=XX format=XXXX] where the “id” is required and the “format” is optional and defaults to your current WordPress settings for date and time format.\u003C\u002Fp>\n\u003Cp>So \u003Ccode>[file_modified id=870]\u003C\u002Fcode> would show the last time the file with ID 870 was updated on your site. To get the ID for a file, check the URL when editing a file in the media library (see screenshot #4)\u003C\u002Fp>\n\u003Cp>If you want more control over the format in which the time is shown, you can use the format option. So \u003Ccode>[file_modified id=870 format=Y-m-d]\u003C\u002Fcode> would show the date the file was modified but not the time. The format string uses \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.date.php\" rel=\"nofollow ugc\">the standard PHP date() formatting tags\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other plugins by \u003Ca href=\"https:\u002F\u002Fshortpixel.com\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa>:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffastpixel-website-accelerator\u002F\" rel=\"ugc\">FastPixel Caching\u003C\u002Fa> – WP Optimization made easy\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel Image Optimizer\u003C\u002Fa> – Image optimization & compression for all the images on your website, including WebP & AVIF delivery\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-adaptive-images\u002F\" rel=\"ugc\">ShortPixel Adaptive Images\u003C\u002Fa> – On-the-fly image optimization & CDN delivery\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresize-image-after-upload\u002F\" rel=\"ugc\">Resize Image After Upload\u003C\u002Fa> – Automatically resize each uploaded image\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fregenerate-thumbnails-advanced\u002F\" rel=\"ugc\">reGenerate Thumbnails Advanced\u003C\u002Fa> – Easily regenerate thumbnails\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-svg-images\u002F\" rel=\"ugc\">WP SVG Images\u003C\u002Fa> – Secure upload of SVG files to Media Library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get in touch!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">https:\u002F\u002Fshortpixel.com\u002Fcontact\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fshortpixel\" rel=\"nofollow ugc\">https:\u002F\u002Ftwitter.com\u002Fshortpixel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Facebook \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FShortPixel\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.facebook.com\u002FShortPixel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>LinkedIn \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fshortpixel\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fshortpixel\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Wishlist \u002F Coming attractions\u003C\u002Fh3>\n\u003Cp>Do you have suggestions? Feel free to contact ShortPixel \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Want to help us improve the plugin feel free to submit PRs via GitHub \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshort-pixel-optimizer\u002Fenable-media-replace\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Easily replace any attached image\u002Ffile by simply uploading a new file in the Media Library edit view - a real time saver!",600000,12623975,88,300,"2026-03-03T10:21:00.000Z","6.9.4","4.9.7","5.6",[77,78,22,24,79],"change-media","remove-background","replace-jpg","https:\u002F\u002Fshortpixel.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-media-replace.4.1.8.zip",92,7,"2026-03-03 18:17:08",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":73,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":105,"download_link":106,"security_score":107,"vuln_count":108,"unpatched_count":28,"last_vuln_date":109,"fetched_at":31},"image-editor-by-pixo","Image Editor by Pixo","2.3.8","Ickata","https:\u002F\u002Fprofiles.wordpress.org\u002Fickata\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FCJN2zQezRls?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpixoeditor.com\" rel=\"nofollow ugc\">Pixo\u003C\u002Fa> is cross-platform image editor. It can be integrated into any web app.\u003C\u002Fp>\n\u003Cp>This plugin does exactly this – it fully replaces WordPress’ default image editor with this more powerful one, and integrates it into the front-end.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Background\u003C\u002Fli>\n\u003Cli>Resize Image & Upscale with high quality\u003C\u002Fli>\n\u003Cli>Instagram-like Filters\u003C\u002Fli>\n\u003Cli>Stock and custom Stickers (from file or URL)\u003C\u002Fli>\n\u003Cli>Rich Text editing\u003C\u002Fli>\n\u003Cli>Drawing\u003C\u002Fli>\n\u003Cli>Beautiful Photo Frames\u003C\u002Fli>\n\u003Cli>Shapes\u003C\u002Fli>\n\u003Cli>Image filesize optimization\u003C\u002Fli>\n\u003Cli>Batch editing (supported only in Media list view)\u003C\u002Fli>\n\u003Cli>Updates all posts where the image has been referenced\u003C\u002Fli>\n\u003Cli>Can attach to every file input field in the front-end!\u003C\u002Fli>\n\u003Cli>Crop, Flip, Rotate\u003C\u002Fli>\n\u003Cli>Color corrections (RGB, HSV, brightness\u002Fcontrast, and more)\u003C\u002Fli>\n\u003Cli>Restore previous sessions and make changes to images (undo changes, update text, and more)\u003C\u002Fli>\n\u003Cli>Image optimization via \u003Ca href=\"https:\u002F\u002Ftinypng.com\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Ability to choose to which image size to apply changes to (all, thumbnail, all except thumbnail)\u003C\u002Fli>\n\u003Cli>Supports Block Editor (Gutenberg)\u003C\u002Fli>\n\u003Cli>Supports Multisite\u003C\u002Fli>\n\u003Cli>Mobile-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pixo is external service that requires registration. This plugin only wraps the service into WordPress and does the registration automatically for you. The registration is with your WordPress user’s email address and a randomly generated password. To change that password visit \u003Ca href=\"https:\u002F\u002Fpixoeditor.com:8443\u002Fcp\u002F#\u002Fforgotten-password\" rel=\"nofollow ugc\">the Control Panel\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpixoeditor.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Pixo’s Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Replaces the default image editor in wp-admin with more powerful one - Pixo. It can also be used in the front-end.",800,23375,76,9,"2025-12-01T13:30:00.000Z","3.5","5.2",[101,102,103,104,24],"image-compression","image-editor","image-optimization","photo-editor","https:\u002F\u002Fpixoeditor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-editor-by-pixo.2.3.8.zip",77,2,"2025-09-22 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":96,"last_updated":121,"tested_up_to":122,"requires_at_least":99,"requires_php":123,"tags":124,"homepage":129,"download_link":130,"security_score":120,"vuln_count":108,"unpatched_count":29,"last_vuln_date":131,"fetched_at":31},"easy-replace-image","Easy Replace Image","3.5.5","Iulia Cazan","https:\u002F\u002Fprofiles.wordpress.org\u002Fiulia-cazan\u002F","\u003Cp>This plugin allows you to replace an attachment file by uploading another image or by downloading one from a specified URL, without deleting the attachment. The plugin handles the sub-sizes generation and the attachment metadata update, and you will see the result right away.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7kGf8cz49ZE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Replace easily an attachment file by uploading another file or by downloading one from an URL, without deleting the attachment.",500,15616,98,"2026-04-11T10:49:00.000Z","7.0","7.4",[125,126,127,128,24],"change-attachment-file","download-image","image-refresh","repair-broken-image","https:\u002F\u002Fiuliacazan.ro\u002Feasy-replace-image\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.5.5.zip","2026-01-27 17:10:48",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":29,"num_ratings":29,"last_updated":142,"tested_up_to":73,"requires_at_least":143,"requires_php":123,"tags":144,"homepage":149,"download_link":150,"security_score":151,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":152},"devenia-replace-media","Devenia Replace Media","1.7.5","Bjorn Solstad","https:\u002F\u002Fprofiles.wordpress.org\u002Fbasicus\u002F","\u003Cp>\u003Cstrong>Devenia Replace Media\u003C\u002Fstrong> lets you replace any media file in WordPress while keeping the original URL intact. Useful for updating images without changing links.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Keep Your URLs\u003C\u002Fstrong> – Replace the file while keeping the URL, helping avoid broken links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works Everywhere\u003C\u002Fstrong> – Media Library list view, Elementor gallery editor, and standard WordPress media modals.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Preserves Metadata\u003C\u002Fstrong> – Captions, alt text, titles, and descriptions stay intact.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cache Busting\u003C\u002Fstrong> – Appends a version parameter after replacement, which can help browsers and CDNs fetch the updated file.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Regenerates Thumbnails\u003C\u002Fstrong> – All image sizes are automatically regenerated after replacement.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple Interface\u003C\u002Fstrong> – Just click “Replace File”, upload your new file, done.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Where It Works\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Media Library\u003C\u002Fstrong> – “Replace File” link appears in the list view actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Elementor Gallery Editor\u003C\u002Fstrong> – Blue “Replace File” button in attachment details\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Media Modal\u003C\u002Fstrong> – Works in the standard media selector used by Gutenberg and Classic Editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Update product images without changing URLs\u003C\u002Fli>\n\u003Cli>Fix typos in PDFs or documents\u003C\u002Fli>\n\u003Cli>Replace outdated screenshots\u003C\u002Fli>\n\u003Cli>Update seasonal images across your site\u003C\u002Fli>\n\u003Cli>Swap placeholder images for final versions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Cache Busting Matters\u003C\u002Fh4>\n\u003Cp>When you replace an image, browsers may show an older cached version. This plugin appends a version parameter to image URLs after replacement to help caches fetch the updated file.\u003C\u002Fp>\n","Replace media files while keeping the same URL. Works in Media Library, Elementor, and more.",20,259,"2026-02-06T19:58:00.000Z","5.0",[145,146,147,24,148],"cache-busting","elementor","media-library","replace-media","https:\u002F\u002Fdevenia.com\u002Fplugins\u002Freplace-media\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevenia-replace-media.1.7.5.zip",100,"2026-04-06T09:54:40.288Z",{"slug":154,"name":155,"version":156,"author":157,"author_profile":158,"description":159,"short_description":160,"active_installs":29,"downloaded":161,"rating":29,"num_ratings":29,"last_updated":162,"tested_up_to":163,"requires_at_least":164,"requires_php":165,"tags":166,"homepage":169,"download_link":170,"security_score":57,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"yatterukun","Yatterukun","1.0.0","Katsuya Ando","https:\u002F\u002Fprofiles.wordpress.org\u002Fankatsu\u002F","\u003Cp>Fast and easy photo\u002Fvideo media changer plugin.\u003Cbr \u002F>\nListening for HTTP POST upload on your specific page URL,\u003Cbr \u002F>\nand replace the target media file directly without wp-admin.\u003C\u002Fp>\n\u003Cp>Upload picture\u002Fvideo from mobile phone, and you will be able to see the changes\u003Cbr \u002F>\non your WordPress web site quick, right then.\u003C\u002Fp>\n\u003Cp>In order to achieve this, This plugin modifies img\u002Fvideo tag in html\u003Cbr \u002F>\nand prevent browser caching.\u003C\u002Fp>\n\u003Cp>More details follow the link below;\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwww.andows.jp\u002Fyatterukun-wp\u002Fen\u003C\u002Fp>\n\u003Ch4>To go with custom header\u003C\u002Fh4>\n\u003Cp>Considering Custom Header is a WordPress theme’s functionality,\u003Cbr \u002F>\nCreating child theme is good, so we provided sample child themefor your convenience.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fankatsu2010\u002Ftwentyseventeen-child-yatterukun\u003C\u002Fp>\n\u003Cp>To prevent browser caching for custom header media, you need to create\u003Cbr \u002F>\nyour favorite theme’s child like above.\u003C\u002Fp>\n\u003Ch4>Recommended mobile tool\u003C\u002Fh4>\n\u003Cp>For client side solution, “Yatterukun” mobile app is also available for free on Google Play and App Store.\u003C\u002Fp>\n\u003Cp>How to use:\u003Cbr \u002F>\n1.Take picture or select from album.\u003Cbr \u002F>\n2.Tap “upload” button.\u003Cbr \u002F>\n3.That should do it.\u003Cbr \u002F>\nLet’s go check it!\u003C\u002Fp>\n","Fast and easy photo\u002Fvideo media changer plugin.",929,"2020-04-25T06:47:00.000Z","5.3.21","4.7","",[77,167,24,148,168],"http-post","replace-video","https:\u002F\u002Fwww.andows.jp\u002Fyatterukun-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyatterukun.1.0.0.zip",{"attackSurface":172,"codeSignals":221,"taintFlows":241,"riskAssessment":242,"analyzedAt":253},{"hooks":173,"ajaxHandlers":205,"restRoutes":218,"shortcodes":219,"cronEvents":220,"entryPointCount":53,"unprotectedCount":53},[174,181,185,191,194,196,199,202],{"type":175,"name":176,"callback":177,"priority":178,"file":179,"line":180},"filter","big_image_size_threshold","__return_false",11111,"admin\\class-easy-media-replace-admin.php",195,{"type":175,"name":182,"callback":183,"priority":178,"file":179,"line":184},"intermediate_image_sizes_advanced","__return_empty_array",196,{"type":186,"name":187,"callback":188,"file":189,"line":190},"action","plugins_loaded","anonymous","includes\\class-easy-media-replace.php",147,{"type":186,"name":192,"callback":188,"file":189,"line":193},"admin_enqueue_scripts",163,{"type":186,"name":192,"callback":188,"file":189,"line":195},164,{"type":175,"name":197,"callback":188,"file":189,"line":198},"attachment_fields_to_edit",166,{"type":175,"name":200,"callback":188,"file":189,"line":201},"attachment_submitbox_misc_actions",167,{"type":175,"name":203,"callback":188,"file":189,"line":204},"media_row_actions",168,[206,209,212,215],{"action":207,"nopriv":50,"callback":188,"hasNonce":50,"hasCapCheck":50,"file":189,"line":208},"emr:dialog",169,{"action":210,"nopriv":50,"callback":188,"hasNonce":50,"hasCapCheck":50,"file":189,"line":211},"emr:upload",170,{"action":213,"nopriv":50,"callback":188,"hasNonce":50,"hasCapCheck":50,"file":189,"line":214},"emr:replace",171,{"action":216,"nopriv":50,"callback":188,"hasNonce":50,"hasCapCheck":50,"file":189,"line":217},"emr:remove",172,[],[],[],{"dangerousFunctions":222,"sqlUsage":223,"outputEscaping":225,"fileOperations":108,"externalRequests":29,"nonceChecks":53,"capabilityChecks":53,"bundledLibraries":240},[],{"prepared":29,"raw":29,"locations":224},[],{"escaped":29,"rawEcho":226,"locations":227},6,[228,231,232,234,237,238],{"file":179,"line":229,"context":230},78,"raw output",{"file":179,"line":229,"context":230},{"file":179,"line":233,"context":230},79,{"file":235,"line":236,"context":230},"admin\\partials\\dialog.php",17,{"file":235,"line":236,"context":230},{"file":235,"line":239,"context":230},22,[],[],{"summary":243,"deductions":244},"The \"easy-media-replace\" plugin version 0.2.0 presents a significant security risk due to multiple unauthenticated AJAX handlers. While the plugin demonstrates good practices by utilizing prepared statements for SQL queries and performing nonce and capability checks on its entry points, the lack of authorization on all identified AJAX handlers is a critical concern. This means that any authenticated user, regardless of their role or permissions, could potentially trigger these actions, leading to unintended consequences or further exploitation if combined with other weaknesses.\n\nThe static analysis did not reveal any dangerous functions, SQL injection vulnerabilities, or problematic taint flows, which is a positive sign. However, the complete absence of proper output escaping across all identified outputs is a serious deficiency. This could allow for cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected directly in the output without sanitization.\n\nThe plugin has a history of one known high-severity vulnerability, specifically related to missing authorization, with its last occurrence in March 2023. Although there are currently no unpatched vulnerabilities, this history, combined with the present finding of unauthenticated AJAX handlers, suggests a recurring pattern of authorization oversight. The overall security posture is thus mixed, with strengths in data handling (SQL) but significant weaknesses in access control and output sanitization, requiring immediate attention.",[245,248,250],{"reason":246,"points":247},"Unprotected AJAX handlers",10,{"reason":249,"points":14},"Unescaped output",{"reason":251,"points":252},"Past high severity vulnerability (Missing Authorization)",15,"2026-03-16T18:42:41.265Z",{"wat":255,"direct":266},{"assetPaths":256,"generatorPatterns":261,"scriptPaths":262,"versionParams":263},[257,258,259,260],"\u002Fwp-content\u002Fplugins\u002Feasy-media-replace\u002Fadmin\u002Fcss\u002Fjquery-ui.min.css","\u002Fwp-content\u002Fplugins\u002Feasy-media-replace\u002Fadmin\u002Fcss\u002Feasy-media-replace-admin.css","\u002Fwp-content\u002Fplugins\u002Feasy-media-replace\u002Fadmin\u002Fjs\u002Fdropzone.js","\u002Fwp-content\u002Fplugins\u002Feasy-media-replace\u002Fadmin\u002Fjs\u002Feasy-media-replace-admin.js",[],[259,260],[264,265],"easy-media-replace\u002Fadmin\u002Fcss\u002Feasy-media-replace-admin.css?ver=","easy-media-replace\u002Fadmin\u002Fjs\u002Feasy-media-replace-admin.js?ver=",{"cssClasses":267,"htmlComments":271,"htmlAttributes":272,"restEndpoints":275,"jsGlobals":276,"shortcodeOutput":278},[268,269,270],"js-emr-open-dialog","emr-dialog__open","misc-pub-emr",[],[273,274],"data-attachment-id","data-attachment-mime",[],[277],"emr_ajax_object",[],{"error":280,"url":281,"statusCode":282,"statusMessage":283,"message":283},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Feasy-media-replace\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":285,"versions":286},5,[287,292,300,308,316],{"version":6,"download_url":26,"svn_tag_url":288,"released_at":39,"has_diff":50,"diff_files_changed":289,"diff_lines":39,"trac_diff_url":290,"vulnerabilities":291,"is_current":280},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-media-replace\u002Ftags\u002F0.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-media-replace%2Ftags%2F0.1.3&new_path=%2Feasy-media-replace%2Ftags%2F0.2.0",[],{"version":293,"download_url":294,"svn_tag_url":295,"released_at":39,"has_diff":50,"diff_files_changed":296,"diff_lines":39,"trac_diff_url":297,"vulnerabilities":298,"is_current":50},"0.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-media-replace.0.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-media-replace\u002Ftags\u002F0.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-media-replace%2Ftags%2F0.1.2&new_path=%2Feasy-media-replace%2Ftags%2F0.1.3",[299],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":301,"download_url":302,"svn_tag_url":303,"released_at":39,"has_diff":50,"diff_files_changed":304,"diff_lines":39,"trac_diff_url":305,"vulnerabilities":306,"is_current":50},"0.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-media-replace.0.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-media-replace\u002Ftags\u002F0.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-media-replace%2Ftags%2F0.1.1&new_path=%2Feasy-media-replace%2Ftags%2F0.1.2",[307],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":309,"download_url":310,"svn_tag_url":311,"released_at":39,"has_diff":50,"diff_files_changed":312,"diff_lines":39,"trac_diff_url":313,"vulnerabilities":314,"is_current":50},"0.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-media-replace.0.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-media-replace\u002Ftags\u002F0.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-media-replace%2Ftags%2F0.1.0&new_path=%2Feasy-media-replace%2Ftags%2F0.1.1",[315],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":317,"download_url":318,"svn_tag_url":319,"released_at":39,"has_diff":50,"diff_files_changed":320,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":321,"is_current":50},"0.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-media-replace.0.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-media-replace\u002Ftags\u002F0.1.0\u002F",[],[322],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6}]