PT-2026-54889 · WordPress · Shortpixel Enable Media Replace
Ananda Dhakal
·
Published
2026-07-01
·
Updated
2026-07-01
·
CVE-2026-57722
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
ShortPixel Enable Media Replace versions prior to 4.2.1
Description
Improper neutralization of input during web page generation leads to a Stored Cross-site Scripting (XSS) issue. Stored XSS occurs when an application receives data from a user and includes that data within its later HTTP responses in an unsafe way, allowing a malicious script to be permanently stored on the server.
Recommendations
Update ShortPixel Enable Media Replace to version 4.2.1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Shortpixel Enable Media Replace