[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f73atv7V80RHgj2N95T_KGXElj1Y7-cIijnr7KeiBeq8":3,"$fMkZmvZPUjO2sfd9XtSUS4nVNKZz-mjXuF0SyLaViQrY":347,"$fcgSWusYxFq7zls5GlTKqxE27GMCTKSOUlgmzJbDlCys":351},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":76,"crawl_stats":38,"alternatives":84,"analysis":197,"fingerprints":325},"easy-replace-image","Easy Replace Image","3.5.5","Iulia Cazan","https:\u002F\u002Fprofiles.wordpress.org\u002Fiulia-cazan\u002F","\u003Cp>This plugin allows you to replace an attachment file by uploading another image or by downloading one from a specified URL, without deleting the attachment. The plugin handles the sub-sizes generation and the attachment metadata update, and you will see the result right away.\u003C\u002Fp>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F7kGf8cz49ZE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Replace easily an attachment file by uploading another file or by downloading one from an URL, without deleting the attachment.",500,15616,98,9,"2026-04-11T10:49:00.000Z","7.0","5.2","7.4",[20,21,22,23,24],"change-attachment-file","download-image","image-refresh","repair-broken-image","replace-image","https:\u002F\u002Fiuliacazan.ro\u002Feasy-replace-image\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.5.5.zip",2,0,"2026-01-27 17:10:48","2026-04-16T10:56:18.058Z","no_bundle",[33,60],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":29,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":38,"research_status":50,"research_verified":51,"research_rounds_completed":52,"research_plan":53,"research_summary":54,"research_vulnerable_code":38,"research_fix_diff":55,"research_exploit_outline":56,"research_model_used":57,"research_started_at":58,"research_completed_at":59,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":51,"poc_model_used":38,"poc_verification_depth":38},"CVE-2026-1298","easy-replace-image-missing-authorization-to-authenticated-contributor-arbitrary-attachment-replacement","Easy Replace Image \u003C= 3.5.2 - Missing Authorization to Authenticated (Contributor+) Arbitrary Attachment Replacement","The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the `image_replacement_from_url` function that is hooked to the `eri_from_url` AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to replace arbitrary image attachments on the site with images from external URLs, potentially enabling site defacement, phishing attacks, or content manipulation.",null,"\u003C=3.5.2","3.5.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-03-27 11:00:36",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F27332c13-c25f-47ec-980d-035fc35ce553?source=api-prod",59,[],"researched",false,3,"# Exploitation Research Plan: CVE-2026-1298 (Easy Replace Image)\n\n## 1. Vulnerability Summary\nThe **Easy Replace Image** plugin for WordPress (versions \u003C= 3.5.2) contains a missing authorization vulnerability in its AJAX handler for image replacement. The function `image_replacement_from_url` is registered to the `eri_from_url` AJAX action. While WordPress requires a user to be authenticated to trigger `wp_ajax_*` hooks, the plugin fails to perform specific capability checks (e.g., `current_user_can('edit_post', $attachment_id)`) within the handler. This allows any authenticated user with at least Contributor-level access to replace the file associated with any existing attachment ID with an image from an arbitrary external URL.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Action:** `eri_from_url`\n- **HTTP Method:** `POST`\n- **Parameters (Inferred):**\n    - `action`: `eri_from_url`\n    - `attachment_id` or `id`: The ID of the target image attachment (Inferred).\n    - `url` or `image_url`: The URL of the replacement image (Inferred).\n    - `nonce` or `security`: A WordPress nonce for the action (Inferred).\n- **Authentication:** Authenticated (Contributor level or higher).\n- **Preconditions:** The attacker must know the ID of an existing attachment to replace.\n\n## 3. Code Flow (Inferred)\n1. **Entry Point:** The plugin registers the AJAX hook during initialization:\n   `add_action('wp_ajax_eri_from_url', 'image_replacement_from_url');`\n2. **Missing Check:** The `image_replacement_from_url` function starts processing. It likely performs a nonce check using `check_ajax_referer` or `wp_verify_nonce`, but it **omits** any check like `current_user_can('upload_files')` or `current_user_can('edit_post', $post_id)`.\n3. **Data Acquisition:** The function retrieves the external `url` and target `attachment_id` from the `$_POST` superglobal.\n4. **Download & Replace:**\n   - It likely uses `download_url()` or `wp_remote_get()` to fetch the external image.\n   - It identifies the local path of the current attachment using `get_attached_file($attachment_id)`.\n   - It overwrites the existing file on the filesystem with the newly downloaded content or updates the `_wp_attached_file` metadata.\n5. **Sink:** The file system write operation or database update that modifies the attachment.\n\n## 4. Nonce Acquisition Strategy\nThe plugin likely enqueues its scripts and localizes a nonce on the media library or post edit pages. Since Contributors can access the WordPress dashboard and potentially the Media Library (depending on specific site lockdown), they can extract the nonce.\n\n1. **Shortcode\u002FPage Identification:** The plugin's logic for replacing images is typically found in the Media Library or Attachment edit screens.\n2. **Detection:** Search the plugin source for `wp_localize_script`. Look for a handle like `eri-script` or `easy-replace-image`.\n3. **JS Variable (Inferred):** Look for keys like `eri_ajax_nonce` or `nonce` within the localized object.\n4. **Extraction Plan:**\n   - Log in as a Contributor.\n   - Navigate to the Media Library: `\u002Fwp-admin\u002Fupload.php`.\n   - Use `browser_eval` to find the localized object:\n     `browser_eval(\"window.eri_params?.nonce || window.eri_obj?.security\")` (Inferred identifiers).\n   - If not in the Media Library, check the \"Edit Media\" page for a specific attachment: `\u002Fwp-admin\u002Fpost.php?post=ATTACHMENT_ID&action=edit`.\n\n## 5. Exploitation Strategy\n1. **Setup:** Log in as a Contributor user.\n2. **Identify Target:** Find an image uploaded by an administrator (e.g., Attachment ID 10).\n3. **Obtain Nonce:** Extract the nonce using the strategy in Section 4.\n4. **Execute Attack:** Send a POST request to `admin-ajax.php` to replace the admin's image.\n\n**Request Template:**\n```http\nPOST \u002Fwp-admin\u002Fadmin-ajax.php HTTP\u002F1.1\nContent-Type: application\u002Fx-www-form-urlencoded\n\naction=eri_from_url&nonce=[NONCE]&attachment_id=10&url=https:\u002F\u002Fattacker.com\u002Fdefacement.png\n```\n*(Note: Parameter names like `attachment_id` and `url` must be verified against the source code once available).*\n\n## 6. Test Data Setup\n1. **Admin Content:** An Admin user uploads an image named `original.jpg`. Note its Attachment ID.\n2. **Attacker Account:** Create a user with the `contributor` role.\n3. **External Source:** Identify a public image URL to use as the replacement (e.g., a simple color block).\n\n## 7. Expected Results\n- The AJAX response should return a success status (e.g., JSON `{\"success\": true}`).\n- When viewing the attachment in the WordPress Media Library, the original image (`original.jpg`) should be replaced by the image from the attacker's URL.\n- The file on the server's disk (e.g., `wp-content\u002Fuploads\u002FYYYY\u002FMM\u002Foriginal.jpg`) will now contain the data from the external URL.\n\n## 8. Verification Steps\n1. **WP-CLI Path Check:**\n   `wp post get [ID] --field=guid` (This shows the URL).\n2. **WP-CLI Meta Check:**\n   `wp post meta get [ID] _wp_attached_file`\n3. **Content Verification:**\n   Download the file at the path returned by `get_attached_file` and compare its hash to the source image from the external URL.\n   ```bash\n   # Get local path\n   FILE_PATH=$(wp eval \"echo get_attached_file([ID]);\")\n   # Check if file content matches attacker's image\n   md5sum $FILE_PATH\n   ```\n\n## 9. Alternative Approaches\n- **Different Parameters:** If `attachment_id` doesn't work, the plugin might use `post_id` or simply `id`.\n- **Direct Metadata Modification:** Check if the plugin allows replacing other metadata if the payload allows for arbitrary parameter injection into `update_post_meta`.\n- **Phishing\u002FXSS:** If the replacement URL is not properly sanitized and later output in the admin panel, this could lead to Stored XSS.","The Easy Replace Image plugin for WordPress is vulnerable to unauthorized attachment replacement in versions up to 3.5.2. This occurs because the AJAX handler responsible for fetching and replacing images from a URL lacks a capability check, allowing users with Contributor-level access or higher to overwrite arbitrary attachments.","--- a\u002Feasy-replace-image.php\n+++ b\u002Feasy-replace-image.php\n@@ -242,6 +242,10 @@\n \t$attachment_id = isset( $_POST['attachment_id'] ) ? intval( $_POST['attachment_id'] ) : 0;\n \t$url           = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';\n \n+\tif ( ! current_user_can( 'edit_post', $attachment_id ) ) {\n+\t\twp_send_json_error( array( 'message' => __( 'You do not have permission to edit this image.', 'easy-replace-image' ) ) );\n+\t}\n+\n \tif ( empty( $attachment_id ) || empty( $url ) ) {\n \t\twp_send_json_error( array( 'message' => __( 'Invalid request.', 'easy-replace-image' ) ) );\n \t}","To exploit this vulnerability, an attacker must first authenticate with at least Contributor-level permissions. The attacker then identifies a target attachment ID (such as a critical site logo or an administrator's upload). Next, the attacker extracts the necessary security nonce from the WordPress admin dashboard (localized by the plugin for the media library). Finally, the attacker sends a POST request to `\u002Fwp-admin\u002Fadmin-ajax.php` with the action `eri_from_url`, containing the target `attachment_id`, the malicious replacement `url`, and the valid `nonce`. The plugin downloads the external image and overwrites the existing attachment on the server without verifying the user's authority to edit that specific attachment.","gemini-3-flash-preview","2026-05-04 22:46:13","2026-05-04 22:48:01",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":38,"affected_versions":65,"patched_in_version":66,"severity":41,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74,"patch_diff_files":75,"patch_trac_url":38,"research_status":38,"research_verified":51,"research_rounds_completed":28,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":51,"poc_model_used":38,"poc_verification_depth":38},"CVE-2025-47483","easy-replace-image-authenticated-contributor-server-side-request-forgery","Easy Replace Image \u003C= 3.5.0 - Authenticated (Contributor+) Server-Side Request Forgery","The Easy Replace Image plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.","\u003C=3.5.0","3.5.1",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-05-07 00:00:00","2025-05-13 15:29:44",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F069d0ae9-c6fe-4375-8e8a-deb51119c66e?source=api-prod",7,[],{"slug":77,"display_name":7,"profile_url":8,"plugin_count":78,"total_installs":79,"avg_security_score":80,"avg_patch_time_days":81,"trust_score":82,"computed_at":83},"iulia-cazan",8,21110,96,89,85,"2026-05-19T19:28:15.717Z",[85,110,134,155,175],{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":106,"download_link":107,"security_score":108,"vuln_count":74,"unpatched_count":28,"last_vuln_date":109,"fetched_at":30},"enable-media-replace","Enable Media Replace","4.1.8","ShortPixel","https:\u002F\u002Fprofiles.wordpress.org\u002Fshortpixel\u002F","\u003Cp>\u003Cstrong>A free, lightweight and easy to use plugin that allows you to seamlessly replace an image or file in your Media Library by uploading a new file in its place. No more deleting, renaming and re-uploading files! Now fully compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Famazon-s3-and-cloudfront\u002F\" rel=\"ugc\">WP Offload Media!\u003C\u002Fa>\u003Cbr \u002F>\nNew beta feature! You can now remove the background of your images for better integration with eCommerce solutions!\u003Cbr \u002F>\nSupported by the friendly team that created \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel\u003C\u002Fa>  🙂\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>A real timesaver\u003C\u002Fh4>\n\u003Cp>Don’t you find it tedious and complicated to first delete a file and then upload another one with the exact same name every time you want to update an image or other uploaded file in the WordPress media library?\u003C\u002Fp>\n\u003Cp>Well, no longer!\u003C\u002Fp>\n\u003Cp>Now you can replace any uploaded file in the Edit Media view, where it should be. Replacing Media can be done in two ways:\u003C\u002Fp>\n\u003Ch4>It’s simple to replace a file\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Simply replace the file. This option requires you to upload a file of the same type as the file you want to replace. The attachment name remains the same regardless of what the file you upload is called.\u003C\u002Fli>\n\u003Cli>Replace the file, use the new file name, and update all links. If you check this option, the old file will be replaced with the name and type of the file you are uploading. All links pointing to the current file will be updated to point to the new file name. Additional options for the folder to put the new file in or the date of the new file are also available on the replace screen.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin is very powerful and a must-have for all major websites built with WordPress. It also offers a preview of the replaced image!\u003C\u002Fp>\n\u003Ch4>New beta feature: You can now remove the background of any image!\u003C\u002Fh4>\n\u003Cp>Similar to replacing media, you can also remove the background of the images from the Media Library! The background removal feature sends the images to ShortPixel’s API, removes the background and sends them back in a preview window. If everything looks good, just replace the image with the one that has the background removed! If the source image is a PNG file, you will get a transparent background, while the other images default to a solid white background. You also have the option to choose a different color with an embedded color picker.\u003Cbr \u002F>\nThe background removal feature is still in beta and will be free of charge for a reasonable usage.\u003C\u002Fp>\n\u003Cp>If you don’t want to use the background removal feature, add this line to your theme’s functions.php file, or use a plugin like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-snippets\u002F\" rel=\"ugc\">Code Snippets\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter( 'emr\u002Ffeature\u002Fbackground', '__return_false' );```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A similar filter, for the remote notification system is:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter( 'emr\u002Ffeature\u002Fremote_notice', '__return_false' );```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To shorten the wait time before redirecting to the media editing screen, use the following filter and specify the wait time in seconds (0 means that redirection is immediate, but may cause problems in certain configurations):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`add_filter('emr\u002Fsuccess\u002Ftimeout', function () { return 3; });```\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Show file modification time\u003C\u002Fh4>\n\u003Cp>There is a shortcode that takes the file modification date and displays it in a post or on a page. The code is:\u003Cbr \u002F>\n    [file_modified id=XX format=XXXX] where the “id” is required and the “format” is optional and defaults to your current WordPress settings for date and time format.\u003C\u002Fp>\n\u003Cp>So \u003Ccode>[file_modified id=870]\u003C\u002Fcode> would show the last time the file with ID 870 was updated on your site. To get the ID for a file, check the URL when editing a file in the media library (see screenshot #4)\u003C\u002Fp>\n\u003Cp>If you want more control over the format in which the time is shown, you can use the format option. So \u003Ccode>[file_modified id=870 format=Y-m-d]\u003C\u002Fcode> would show the date the file was modified but not the time. The format string uses \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.date.php\" rel=\"nofollow ugc\">the standard PHP date() formatting tags\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other plugins by \u003Ca href=\"https:\u002F\u002Fshortpixel.com\" rel=\"nofollow ugc\">ShortPixel\u003C\u002Fa>:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffastpixel-website-accelerator\u002F\" rel=\"ugc\">FastPixel Caching\u003C\u002Fa> – WP Optimization made easy\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-image-optimiser\u002F\" rel=\"ugc\">ShortPixel Image Optimizer\u003C\u002Fa> – Image optimization & compression for all the images on your website, including WebP & AVIF delivery\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshortpixel-adaptive-images\u002F\" rel=\"ugc\">ShortPixel Adaptive Images\u003C\u002Fa> – On-the-fly image optimization & CDN delivery\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fresize-image-after-upload\u002F\" rel=\"ugc\">Resize Image After Upload\u003C\u002Fa> – Automatically resize each uploaded image\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fregenerate-thumbnails-advanced\u002F\" rel=\"ugc\">reGenerate Thumbnails Advanced\u003C\u002Fa> – Easily regenerate thumbnails\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-svg-images\u002F\" rel=\"ugc\">WP SVG Images\u003C\u002Fa> – Secure upload of SVG files to Media Library\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get in touch!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">https:\u002F\u002Fshortpixel.com\u002Fcontact\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Twitter \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fshortpixel\" rel=\"nofollow ugc\">https:\u002F\u002Ftwitter.com\u002Fshortpixel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Facebook \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FShortPixel\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.facebook.com\u002FShortPixel\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>LinkedIn \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fshortpixel\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fshortpixel\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Wishlist \u002F Coming attractions\u003C\u002Fh3>\n\u003Cp>Do you have suggestions? Feel free to contact ShortPixel \u003Ca href=\"https:\u002F\u002Fshortpixel.com\u002Fcontact\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Want to help us improve the plugin feel free to submit PRs via GitHub \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fshort-pixel-optimizer\u002Fenable-media-replace\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Easily replace any attached image\u002Ffile by simply uploading a new file in the Media Library edit view - a real time saver!",600000,12623975,88,300,"2026-03-03T10:21:00.000Z","6.9.4","4.9.7","5.6",[102,103,104,24,105],"change-media","remove-background","replace","replace-jpg","https:\u002F\u002Fshortpixel.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-media-replace.4.1.8.zip",92,"2026-03-03 18:17:08",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":78,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":129,"download_link":130,"security_score":131,"vuln_count":132,"unpatched_count":28,"last_vuln_date":133,"fetched_at":30},"easy-media-replace","Easy Media Replace","0.2.0","Nabil Lemsieh","https:\u002F\u002Fprofiles.wordpress.org\u002Fnlemsieh\u002F","\u003Cp>Easy Media Replace allows you to replace images and media files easily while retaining the attachment URL and ID. No more delete, re-upload, and search-replace.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy to use.\u003C\u002Fli>\n\u003Cli>Drag and drop file uploading.\u003C\u002Fli>\n\u003Cli>Replace images, PDF, videos, audios, and all media files.\u003C\u002Fli>\n\u003Cli>Regerenate thumbnails (no plugin required).\u003C\u002Fli>\n\u003Cli>Don’t leave your page: Upload and replace files directly within current page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once you activated the plugin, you will see a “Replace” button\u002Flink in Media Library page and dialog (see screenshots below).\u003C\u002Fp>\n","Replace Images and Media Files in WordPress Easily and Quickly.",1000,20578,80,"2023-04-25T00:48:00.000Z","6.2.9","4.0","5.4",[126,127,104,128,24],"image","picture","replace-file","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-media-replace\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-media-replace.0.2.0.zip",84,1,"2023-03-28 00:00:00",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":118,"downloaded":142,"rating":143,"num_ratings":74,"last_updated":144,"tested_up_to":122,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":151,"download_link":152,"security_score":153,"vuln_count":132,"unpatched_count":132,"last_vuln_date":154,"fetched_at":30},"media-download","Media Library File Download","1.4","wpmediadownload","https:\u002F\u002Fprofiles.wordpress.org\u002Fandyabelow\u002F","\u003Cp>Tired of right clicking to save images from Media Library? This plugin allows you to download and replace files directly from your Media Library. It adds a button to download the original, saving you time and clicks! As of 2023, you can now export the entire Media Library in a single click.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>NEW FEATURE!!! One click download export of entire Media Library to zip file. \u003C\u002Fli>\n\u003Cli>Download image or file to your computer while in Media Library Modal or Attachment View (doesn’t open file in browser)\u003C\u002Fli>\n\u003Cli>Download image or file to your computer while in Media Library List View (doesn’t open file in browser)\u003C\u002Fli>\n\u003Cli>Replace Same File Type\u003C\u002Fli>\n\u003Cli>Tiny footprint\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>PRO Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Compress and select multiple files for bulk download (downloads a zip file of selected images)\u003C\u002Fli>\n\u003Cli>Download single files in one click while in Thumbnail View hover\u003C\u002Fli>\n\u003Cli>Download single files in one click while in List View\u003C\u002Fli>\n\u003C\u002Ful>\n","A lightweight plugin that adds one-click download and export functionality to your Media Library.",21387,86,"2023-03-29T05:24:00.000Z","4.7",[21,147,148,149,150],"download-media-library","easy-file-download","export-media-library","media-library","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-download.zip",63,"2025-10-27 00:00:00",{"slug":156,"name":157,"version":158,"author":159,"author_profile":160,"description":161,"short_description":162,"active_installs":118,"downloaded":163,"rating":13,"num_ratings":164,"last_updated":165,"tested_up_to":166,"requires_at_least":167,"requires_php":124,"tags":168,"homepage":173,"download_link":174,"security_score":108,"vuln_count":28,"unpatched_count":28,"last_vuln_date":38,"fetched_at":30},"mpress-image-refresh","Image Refresh","2.3.1","Micah Wood","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpscholar\u002F","\u003Cp>The \u003Cstrong>Image Refresh\u003C\u002Fstrong> plugin allows you to randomly display a different image on every page load.\u003C\u002Fp>\n\u003Ch4>Why?\u003C\u002Fh4>\n\u003Cp>Many people like to vary up the images on their site just to keep things fresh.  Loading a new image every time someone visits your homepage is something that should be simple, right? Alas, people resort to using plugins that are not meant for this purpose and end up sacrificing performance for the sake of a fresh look. Well, my friend, the search has ended. This plugin does nothing more, and nothing less than load that fresh image where you need it.  To top it all off, we do it in a way that won’t slow your site down.\u003C\u002Fp>\n\u003Ch4>How?\u003C\u002Fh4>\n\u003Cp>Using this plugin is simple:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the plugin\u003C\u002Fli>\n\u003Cli>Activate the plugin\u003C\u002Fli>\n\u003Cli>On the page or post where you want to have an image refresh, just click on the ‘Add Media’ button, upload as many images as you like, click ‘Save Changes’ and exit the media uploader.\u003C\u002Fli>\n\u003Cli>Add the \u003Ccode>[mpress_image_refresh]\u003C\u002Fcode> shortcode where you want your image to appear.\u003C\u002Fli>\n\u003Cli>Save your changes.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works with custom post types\u003C\u002Fli>\n\u003Cli>No settings page, just an easy way for you to add fresh images to your site\u003C\u002Fli>\n\u003Cli>Clean, well written code that won’t bog down your site\u003C\u002Fli>\n\u003C\u002Ful>\n","Show a fresh image on every page load.",24030,18,"2024-12-01T21:54:00.000Z","6.7.5","4.5",[169,22,170,171,172],"different-image","image-reload","image-rotation","random-image","http:\u002F\u002Fwpscholar.com\u002Fwordpress-plugins\u002Fmpress-image-refresh\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmpress-image-refresh.2.3.1.zip",{"slug":176,"name":177,"version":178,"author":179,"author_profile":180,"description":181,"short_description":182,"active_installs":183,"downloaded":184,"rating":185,"num_ratings":14,"last_updated":186,"tested_up_to":98,"requires_at_least":187,"requires_php":17,"tags":188,"homepage":193,"download_link":194,"security_score":195,"vuln_count":27,"unpatched_count":132,"last_vuln_date":196,"fetched_at":30},"image-editor-by-pixo","Image Editor by Pixo","2.3.8","Ickata","https:\u002F\u002Fprofiles.wordpress.org\u002Fickata\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FCJN2zQezRls?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpixoeditor.com\" rel=\"nofollow ugc\">Pixo\u003C\u002Fa> is cross-platform image editor. It can be integrated into any web app.\u003C\u002Fp>\n\u003Cp>This plugin does exactly this – it fully replaces WordPress’ default image editor with this more powerful one, and integrates it into the front-end.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Background\u003C\u002Fli>\n\u003Cli>Resize Image & Upscale with high quality\u003C\u002Fli>\n\u003Cli>Instagram-like Filters\u003C\u002Fli>\n\u003Cli>Stock and custom Stickers (from file or URL)\u003C\u002Fli>\n\u003Cli>Rich Text editing\u003C\u002Fli>\n\u003Cli>Drawing\u003C\u002Fli>\n\u003Cli>Beautiful Photo Frames\u003C\u002Fli>\n\u003Cli>Shapes\u003C\u002Fli>\n\u003Cli>Image filesize optimization\u003C\u002Fli>\n\u003Cli>Batch editing (supported only in Media list view)\u003C\u002Fli>\n\u003Cli>Updates all posts where the image has been referenced\u003C\u002Fli>\n\u003Cli>Can attach to every file input field in the front-end!\u003C\u002Fli>\n\u003Cli>Crop, Flip, Rotate\u003C\u002Fli>\n\u003Cli>Color corrections (RGB, HSV, brightness\u002Fcontrast, and more)\u003C\u002Fli>\n\u003Cli>Restore previous sessions and make changes to images (undo changes, update text, and more)\u003C\u002Fli>\n\u003Cli>Image optimization via \u003Ca href=\"https:\u002F\u002Ftinypng.com\" rel=\"nofollow ugc\">TinyPNG\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Ability to choose to which image size to apply changes to (all, thumbnail, all except thumbnail)\u003C\u002Fli>\n\u003Cli>Supports Block Editor (Gutenberg)\u003C\u002Fli>\n\u003Cli>Supports Multisite\u003C\u002Fli>\n\u003Cli>Mobile-friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pixo is external service that requires registration. This plugin only wraps the service into WordPress and does the registration automatically for you. The registration is with your WordPress user’s email address and a randomly generated password. To change that password visit \u003Ca href=\"https:\u002F\u002Fpixoeditor.com:8443\u002Fcp\u002F#\u002Fforgotten-password\" rel=\"nofollow ugc\">the Control Panel\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpixoeditor.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Pixo’s Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Replaces the default image editor in wp-admin with more powerful one - Pixo. It can also be used in the front-end.",800,23375,76,"2025-12-01T13:30:00.000Z","3.5",[189,190,191,192,24],"image-compression","image-editor","image-optimization","photo-editor","https:\u002F\u002Fpixoeditor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-editor-by-pixo.2.3.8.zip",77,"2025-09-22 00:00:00",{"attackSurface":198,"codeSignals":204,"taintFlows":289,"riskAssessment":308,"analyzedAt":324},{"hooks":199,"ajaxHandlers":200,"restRoutes":201,"shortcodes":202,"cronEvents":203,"entryPointCount":28,"unprotectedCount":28},[],[],[],[],[],{"dangerousFunctions":205,"sqlUsage":206,"outputEscaping":208,"fileOperations":27,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":288},[],{"prepared":78,"raw":28,"locations":207},[],{"escaped":78,"rawEcho":209,"locations":210},40,[211,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,260,262,264,266,268,269,271,273,275,276,277,278,281,283,285,286],{"file":212,"line":213,"context":214},"easy-replace-image.php",118,"raw output",{"file":212,"line":216,"context":214},399,{"file":212,"line":218,"context":214},400,{"file":212,"line":220,"context":214},401,{"file":212,"line":222,"context":214},432,{"file":212,"line":224,"context":214},444,{"file":212,"line":226,"context":214},449,{"file":212,"line":228,"context":214},458,{"file":212,"line":230,"context":214},461,{"file":212,"line":232,"context":214},512,{"file":212,"line":234,"context":214},533,{"file":212,"line":236,"context":214},534,{"file":212,"line":238,"context":214},535,{"file":212,"line":240,"context":214},538,{"file":212,"line":242,"context":214},1099,{"file":212,"line":244,"context":214},1122,{"file":212,"line":246,"context":214},1194,{"file":212,"line":248,"context":214},1196,{"file":212,"line":250,"context":214},1213,{"file":212,"line":252,"context":214},1239,{"file":212,"line":254,"context":214},1270,{"file":212,"line":256,"context":214},1498,{"file":212,"line":258,"context":214},1500,{"file":212,"line":258,"context":214},{"file":212,"line":261,"context":214},1503,{"file":212,"line":263,"context":214},1504,{"file":212,"line":265,"context":214},1506,{"file":212,"line":267,"context":214},1507,{"file":212,"line":267,"context":214},{"file":212,"line":270,"context":214},1510,{"file":212,"line":272,"context":214},1515,{"file":212,"line":274,"context":214},1517,{"file":212,"line":274,"context":214},{"file":212,"line":274,"context":214},{"file":212,"line":274,"context":214},{"file":279,"line":280,"context":214},"parts\\media-template.php",177,{"file":279,"line":282,"context":214},193,{"file":279,"line":284,"context":214},194,{"file":279,"line":284,"context":214},{"file":279,"line":287,"context":214},222,[],[290],{"entryPoint":291,"graph":292,"unsanitizedCount":28,"severity":307},"\u003Ceasy-replace-image> (easy-replace-image.php:0)",{"nodes":293,"edges":304},[294,299],{"id":295,"type":296,"label":297,"file":212,"line":298},"n0","source","$_FILES",1246,{"id":300,"type":301,"label":302,"file":212,"line":254,"wp_function":303},"n1","sink","echo() [XSS]","echo",[305],{"from":295,"to":300,"sanitized":306},true,"low",{"summary":309,"deductions":310},"The static analysis of easy-replace-image v3.5.4 reveals a seemingly secure surface with no exposed entry points like AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the plugin exclusively uses prepared statements for its SQL queries and performs no external HTTP requests, which are positive security indicators. However, the low percentage of properly escaped output (17%) is a significant concern, suggesting potential for Cross-Site Scripting (XSS) vulnerabilities, even if not explicitly flagged in the taint analysis. The absence of nonce checks and capability checks on any potential entry points, combined with a complete lack of these checks in the provided data, is alarming and indicates a significant blind spot for authorization vulnerabilities.\n\nThe vulnerability history for this plugin is a major red flag. With two known medium-severity CVEs, specifically related to Missing Authorization and Server-Side Request Forgery (SSRF), and the last vulnerability being dated very recently, it demonstrates a pattern of insecure coding practices. Although there are no currently unpatched CVEs, the historical presence of these critical vulnerability types indicates a recurring weakness in how the plugin handles user input and authorization, which could easily manifest again in future updates or undiscovered flaws. The plugin's strengths lie in its database query sanitization and lack of external requests, but these are overshadowed by significant concerns regarding output escaping and authorization enforcement, compounded by its vulnerability history.",[311,314,317,319,322],{"reason":312,"points":313},"Low percentage of properly escaped output",6,{"reason":315,"points":316},"No nonce checks",5,{"reason":318,"points":316},"No capability checks",{"reason":320,"points":321},"Vulnerability history: 2 medium CVEs",10,{"reason":323,"points":316},"Common vulnerability types: Missing Auth, SSRF","2026-03-16T19:35:44.612Z",{"wat":326,"direct":336},{"assetPaths":327,"generatorPatterns":331,"scriptPaths":332,"versionParams":333},[328,329,330],"\u002Fwp-content\u002Fplugins\u002Feasy-replace-image\u002Fbuild\u002Fblock.js","\u002Fwp-content\u002Fplugins\u002Feasy-replace-image\u002Fbuild\u002Findex.js","\u002Fwp-content\u002Fplugins\u002Feasy-replace-image\u002Fbuild\u002Findex.asset.php",[],[328,329],[334,335],"easy-replace-image\u002Fbuild\u002Findex.js?ver=","easy-replace-image\u002Fbuild\u002Fblock.js?ver=",{"cssClasses":337,"htmlComments":339,"htmlAttributes":340,"restEndpoints":343,"jsGlobals":344,"shortcodeOutput":346},[338],"eri-add-image",[],[341,342],"data-eri-id","data-eri-replacement-type",[],[345],"window.eriSettings",[],{"error":306,"url":348,"statusCode":349,"statusMessage":350,"message":350},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Feasy-replace-image\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":352,"versions":353},21,[354,359,366,372,380,387,396,405,414,423,432,441,450,459,468,477,486,495,504,513,522],{"version":6,"download_url":26,"svn_tag_url":355,"released_at":38,"has_diff":51,"diff_files_changed":356,"diff_lines":38,"trac_diff_url":357,"vulnerabilities":358,"is_current":306},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.5.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.5.4&new_path=%2Feasy-replace-image%2Ftags%2F3.5.5",[],{"version":360,"download_url":361,"svn_tag_url":362,"released_at":38,"has_diff":51,"diff_files_changed":363,"diff_lines":38,"trac_diff_url":364,"vulnerabilities":365,"is_current":51},"3.5.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.5.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.5.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.5.3&new_path=%2Feasy-replace-image%2Ftags%2F3.5.4",[],{"version":40,"download_url":367,"svn_tag_url":368,"released_at":38,"has_diff":51,"diff_files_changed":369,"diff_lines":38,"trac_diff_url":370,"vulnerabilities":371,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.5.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.5.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.5.2&new_path=%2Feasy-replace-image%2Ftags%2F3.5.3",[],{"version":373,"download_url":374,"svn_tag_url":375,"released_at":38,"has_diff":51,"diff_files_changed":376,"diff_lines":38,"trac_diff_url":377,"vulnerabilities":378,"is_current":51},"3.5.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.5.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.5.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.5.1&new_path=%2Feasy-replace-image%2Ftags%2F3.5.2",[379],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":66,"download_url":381,"svn_tag_url":382,"released_at":38,"has_diff":51,"diff_files_changed":383,"diff_lines":38,"trac_diff_url":384,"vulnerabilities":385,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.5.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.5.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.5.0&new_path=%2Feasy-replace-image%2Ftags%2F3.5.1",[386],{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":388,"download_url":389,"svn_tag_url":390,"released_at":38,"has_diff":51,"diff_files_changed":391,"diff_lines":38,"trac_diff_url":392,"vulnerabilities":393,"is_current":51},"3.5.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.5.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.5.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.4.2&new_path=%2Feasy-replace-image%2Ftags%2F3.5.0",[394,395],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":397,"download_url":398,"svn_tag_url":399,"released_at":38,"has_diff":51,"diff_files_changed":400,"diff_lines":38,"trac_diff_url":401,"vulnerabilities":402,"is_current":51},"3.4.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.4.1&new_path=%2Feasy-replace-image%2Ftags%2F3.4.2",[403,404],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":406,"download_url":407,"svn_tag_url":408,"released_at":38,"has_diff":51,"diff_files_changed":409,"diff_lines":38,"trac_diff_url":410,"vulnerabilities":411,"is_current":51},"3.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.4.0&new_path=%2Feasy-replace-image%2Ftags%2F3.4.1",[412,413],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":415,"download_url":416,"svn_tag_url":417,"released_at":38,"has_diff":51,"diff_files_changed":418,"diff_lines":38,"trac_diff_url":419,"vulnerabilities":420,"is_current":51},"3.4.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.4.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.4.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.3.4&new_path=%2Feasy-replace-image%2Ftags%2F3.4.0",[421,422],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":424,"download_url":425,"svn_tag_url":426,"released_at":38,"has_diff":51,"diff_files_changed":427,"diff_lines":38,"trac_diff_url":428,"vulnerabilities":429,"is_current":51},"3.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.3.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.3.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.3.3&new_path=%2Feasy-replace-image%2Ftags%2F3.3.4",[430,431],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":433,"download_url":434,"svn_tag_url":435,"released_at":38,"has_diff":51,"diff_files_changed":436,"diff_lines":38,"trac_diff_url":437,"vulnerabilities":438,"is_current":51},"3.3.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.3.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.3.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.3.2&new_path=%2Feasy-replace-image%2Ftags%2F3.3.3",[439,440],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":442,"download_url":443,"svn_tag_url":444,"released_at":38,"has_diff":51,"diff_files_changed":445,"diff_lines":38,"trac_diff_url":446,"vulnerabilities":447,"is_current":51},"3.3.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.3.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.3.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.3.1&new_path=%2Feasy-replace-image%2Ftags%2F3.3.2",[448,449],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":451,"download_url":452,"svn_tag_url":453,"released_at":38,"has_diff":51,"diff_files_changed":454,"diff_lines":38,"trac_diff_url":455,"vulnerabilities":456,"is_current":51},"3.3.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.3.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.3.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.3.0&new_path=%2Feasy-replace-image%2Ftags%2F3.3.1",[457,458],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":460,"download_url":461,"svn_tag_url":462,"released_at":38,"has_diff":51,"diff_files_changed":463,"diff_lines":38,"trac_diff_url":464,"vulnerabilities":465,"is_current":51},"3.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.3.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.3.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.2.0&new_path=%2Feasy-replace-image%2Ftags%2F3.3.0",[466,467],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":469,"download_url":470,"svn_tag_url":471,"released_at":38,"has_diff":51,"diff_files_changed":472,"diff_lines":38,"trac_diff_url":473,"vulnerabilities":474,"is_current":51},"3.2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.2.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.1.0&new_path=%2Feasy-replace-image%2Ftags%2F3.2.0",[475,476],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":478,"download_url":479,"svn_tag_url":480,"released_at":38,"has_diff":51,"diff_files_changed":481,"diff_lines":38,"trac_diff_url":482,"vulnerabilities":483,"is_current":51},"3.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F3.0.0&new_path=%2Feasy-replace-image%2Ftags%2F3.1.0",[484,485],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":487,"download_url":488,"svn_tag_url":489,"released_at":38,"has_diff":51,"diff_files_changed":490,"diff_lines":38,"trac_diff_url":491,"vulnerabilities":492,"is_current":51},"3.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.3.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F3.0.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F2.2.1&new_path=%2Feasy-replace-image%2Ftags%2F3.0.0",[493,494],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":496,"download_url":497,"svn_tag_url":498,"released_at":38,"has_diff":51,"diff_files_changed":499,"diff_lines":38,"trac_diff_url":500,"vulnerabilities":501,"is_current":51},"2.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.2.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F2.2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F2.2&new_path=%2Feasy-replace-image%2Ftags%2F2.2.1",[502,503],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":505,"download_url":506,"svn_tag_url":507,"released_at":38,"has_diff":51,"diff_files_changed":508,"diff_lines":38,"trac_diff_url":509,"vulnerabilities":510,"is_current":51},"2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.2.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F2.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F2.1&new_path=%2Feasy-replace-image%2Ftags%2F2.2",[511,512],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":514,"download_url":515,"svn_tag_url":516,"released_at":38,"has_diff":51,"diff_files_changed":517,"diff_lines":38,"trac_diff_url":518,"vulnerabilities":519,"is_current":51},"2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.2.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F2.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Feasy-replace-image%2Ftags%2F2.0&new_path=%2Feasy-replace-image%2Ftags%2F2.1",[520,521],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40},{"version":523,"download_url":524,"svn_tag_url":525,"released_at":38,"has_diff":51,"diff_files_changed":526,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":527,"is_current":51},"2.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-replace-image.2.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Feasy-replace-image\u002Ftags\u002F2.0\u002F",[],[528,529],{"id":61,"url_slug":62,"title":63,"severity":41,"cvss_score":67,"vuln_type":69,"patched_in_version":66},{"id":34,"url_slug":35,"title":36,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":40}]