What the vulnerability does
01Description
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the `image_replacement_from_url` function that is hooked to the `eri_from_url` AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to replace arbitrary image attachments on the site with images from external URLs, potentially enabling site defacement, phishing attacks, or content manipulation.
Explanation of Vulnerability in Simple Terms
02Summary
Easy Replace Image versions 3.5.2 and earlier lack proper authorization checks on certain operations. A logged-in user with low privileges can modify image data without proper permission validation. The vulnerability does not affect data confidentiality or system availability, only the integrity of image content.
What an attacker can do
03Attacker Capabilities
A low-privilege logged-in user can modify images without proper authorization.
Potential impact on your site
04Site Impact
Unauthorized users may alter or replace images, compromising content integrity and potentially defacing the site.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the site and network access to the vulnerable plugin.
Key dates
06Disclosure timeline
January 28, 2026
CVE published
April 8, 2026
Record updated