CVSS 3.1 Score 8.8 of 10 (high)


Published Oct 16, 2023
Updated: Nov 7, 2023
CWE ID 502


CVE-2023-4643 is a high-severity vulnerability affecting the Enable Media Replace WordPress plugin before version 4.1.3. The vulnerability allows for unserialization of user input through the Remove Background feature, potentially enabling PHP Object Injection by Author+ users if a suitable gadget is present on the blog. This vulnerability affects multiple products, including oVnaWX, oVnaWW, oVnaWV, and others. To remediate this vulnerability, it is recommended to update the Enable Media Replace plugin to version 4.1.3 or later. This vulnerability poses a significant danger to organizations as it can be exploited remotely over a network without requiring user interaction. It has a high impact on confidentiality and integrity, and potentially allows attackers to execute arbitrary code on affected systems.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4643 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options