Title: [Plugin: Enable Media Replace] wpscan security warning
Last modified: August 20, 2016

---

# [Plugin: Enable Media Replace] wpscan security warning

 *  ResolvedModerator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [13 years, 8 months ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/)
 * Has this issue been addressed in the current version?
 * [http://www.exploit-db.com/exploits/16144/](http://www.exploit-db.com/exploits/16144/)
 * [http://wordpress.org/extend/plugins/enable-media-replace/](http://wordpress.org/extend/plugins/enable-media-replace/)

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [13 years, 6 months ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063305)
 * Given the lack of response, I have deleted this plugin from all sites I manage.
 *  [Jason LeMahieu (MadtownLems)](https://wordpress.org/support/users/madtownlems/)
 * (@madtownlems)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063306)
 * Why not try it on a local install and see?
 *  [Måns Jonasson](https://wordpress.org/support/users/mungobbq/)
 * (@mungobbq)
 * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063307)
 * Steven, this was fixed way back in 2.4, in the beginning of 2011, so yes.
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [13 years, 5 months ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063308)
 * Mans: Thanks. I saw notes in the changelog, but I wanted to be sure. It’s a very
   useful plugin and I’m glad to have it back on my sites.
 *  [ErikWTN](https://wordpress.org/support/users/erikwtn/)
 * (@erikwtn)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063318)
 * My site just got hacked because of this plug-in!!! Don’t use it!
    [http://www.exploit-db.com/exploits/16144/](http://www.exploit-db.com/exploits/16144/)
 * I pulled up my site yesterday and there was just a page saying
    Hacked by Dark-
   Devilz Status: Closed Attacker ID: Dark-Devilz Contact Me: [dark-devilz@hackermail.com](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/dark-devilz@hackermail.com?output_format=md)
   NOTICE: FREEDOM FOR PALESTINE!!!!!!
 * Needless to say, I freaked out. I had just installed this plug-in last weekend
   so it didn’t take long to get hacked. I removed the plug-in and re-installed 
   WordPress and it seems to have fixed it, but they could have planted some virus
   or code in my files so they can get in later.
 *  [Jason LeMahieu (MadtownLems)](https://wordpress.org/support/users/madtownlems/)
 * (@madtownlems)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063319)
 * The vulnerability you’re linking to was fixed in version 2.4, in early 2011.
 * The fact that you installed this plugin last weekend, and soon after realized
   you have been compromised is anecdotal at best. If you have any confirmed exploits
   through this plugin, contact the author or [plugins@wordpress.org](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/plugins@wordpress.org?output_format=md)
   directly with details.
 * Note that the entire Internet is currently experiencing a significantly heightened
   wave of attacks against Apache – the web server that you’re likely using on your
   site. There have been consequently been many more plugins being reported in these
   past few weeks, blamed as being the cause.
 * Again, if you have confirmation that this plugin is actually your culprit, that’s
   one thing, and you should definitely alert the appropriate parties of the specifics,
   but the fact that you recently enabled this plugin and shortly afterwards have
   discovered your site compromised is far from sufficient proof.
 * Cheers
 *  [Måns Jonasson](https://wordpress.org/support/users/mungobbq/)
 * (@mungobbq)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063320)
 * Thanks Jason, I was about to say exactly what you said. The vulnerability, which
   was theoretical and never exploited (as far as I know) was patched a long time
   ago.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘[Plugin: Enable Media Replace] wpscan security warning’ is closed to 
new replies.

 * ![](https://ps.w.org/enable-media-replace/assets/icon-256x256.png?rev=1940728)
 * [Enable Media Replace](https://wordpress.org/plugins/enable-media-replace/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/enable-media-replace/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/enable-media-replace/)
 * [Active Topics](https://wordpress.org/support/plugin/enable-media-replace/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/enable-media-replace/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/enable-media-replace/reviews/)

 * 7 replies
 * 4 participants
 * Last reply from: [Måns Jonasson](https://wordpress.org/support/users/mungobbq/)
 * Last activity: [13 years, 1 month ago](https://wordpress.org/support/topic/plugin-enable-media-replace-wpscan-security-warning/#post-3063320)
 * Status: resolved