Enable Media Replace

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.


This recommendation applies to version 2.9.3 of this plugin, but the most recent version is 3.0.3. These findings may no longer be correct.


This plugin is likely to contain vulnerabilities which are exploitable by privileged users. It appears to be possible to upload PHP files, which could be executed if not prohibited by the server’s configuration. The file upload handling code also appears to be vulnerable to SQL injection.

This plugin does not use nonces to protect admin forms.

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

Failure criteria

  • Execution of unprepared SQL statements
  • Poor coding style
  • Failure to use available core functionality
  • Unsafe file or network IO

Read more about our failure criteria.