CVE-2024-4873 - Vulnerability Details - OpenCVE

The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00122.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Wordpress	Wordpress

References

Link	Providers
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117484%40replace-image&new=3117484%40replace-image&sfp_email=&sfph_mail=
https://wordpress.org/plugins/replace-image/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve

History

Wed, 08 Apr 2026 17:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-639
References		https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117484%40replace-image&new=3117484%40replace-image&sfp_email=&sfph_mail=

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-06-19T03:12:30.152Z

Updated: 2026-04-08T16:55:01.103Z

Reserved: 2024-05-14T14:45:47.037Z

Link: CVE-2024-4873

Vulnrichment

Updated: 2024-08-01T20:55:09.990Z

NVD

Status : Awaiting Analysis

Published: 2024-06-19T04:15:12.990

Modified: 2026-04-08T18:21:57.130

Link: CVE-2024-4873

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:23:09Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-4873", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-05-14T14:45:47.037Z", "datePublished": "2024-06-19T03:12:30.152Z", "dateUpdated": "2026-04-08T16:55:01.103Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:01.103Z"}, "affected": [{"vendor": "aspengrovestudios", "product": "Replace Image", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins."}], "title": "Replace Image <= 1.1.10 - Insecure Direct Object Reference", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"}, {"url": "https://wordpress.org/plugins/replace-image/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117484%40replace-image&new=3117484%40replace-image&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jin Hao Chan"}], "timeline": [{"time": "2024-06-18T14:34:48.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-20T15:27:33.168935Z", "id": "CVE-2024-4873", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:27:48.898Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:09.990Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/plugins/replace-image/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/plugins/replace-image/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:09.990Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4873", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-20T15:27:33.168935Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T15:27:39.760Z"}}], "cna": {"title": "Replace Image <= 1.1.10 - Insecure Direct Object Reference", "credits": [{"lang": "en", "type": "finder", "value": "Jin Hao Chan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "aspengrovestudios", "product": "Replace Image", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-06-18T14:34:48.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"}, {"url": "https://wordpress.org/plugins/replace-image/"}], "descriptions": [{"lang": "en", "value": "The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-06-19T03:12:30.152Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4873", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:55:09.990Z", "dateReserved": "2024-05-14T14:45:47.037Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-06-19T03:12:30.152Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins."}, {"lang": "es", "value": "El complemento Replace Image para WordPress es vulnerable a Insecure Direct Object Reference en todas las versiones hasta la 1.1.10 incluida a trav\u00e9s de la funcionalidad de reemplazo de imagen debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, reemplacen im\u00e1genes cargadas por usuarios de nivel superior, como administradores."}], "id": "CVE-2024-4873", "lastModified": "2026-04-08T18:21:57.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-06-19T04:15:12.990", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3117484%40replace-image&new=3117484%40replace-image&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/replace-image/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wordpress.org/plugins/replace-image/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d3a62-f7e5-4776-bed9-7ff3f81da452?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Primary"}]}