CVE-2024-4873: 
WordPress vulnerability analysis and mitigation

The Replace Image plugin for WordPress contains an Insecure Direct Object Reference (IDOR) vulnerability in versions up to and including 1.1.10. The vulnerability was discovered and assigned CVE-2024-4873. The affected plugin is used by over 10,000 active WordPress installations and allows users to replace images while retaining URLs and attachment IDs (WordPress Plugin).

The vulnerability is classified as an Insecure Direct Object Reference (IDOR) issue. The flaw exists in the image replacement functionality where the plugin failed to properly implement permission checks on images being replaced. This security gap was addressed in version 1.1.11 by adding permissions verification on images to be replaced and restricting the display of the Replace Image button to users with appropriate permissions (WordPress Plugin).

The vulnerability could potentially allow unauthorized users to replace images on affected WordPress installations, potentially leading to unauthorized modification of website content. This could affect any WordPress site using the Replace Image plugin versions 1.1.10 or earlier (WordPress Plugin).

The vulnerability has been patched in version 1.1.11 of the Replace Image plugin. Site administrators are advised to update to this latest version immediately. The update implements proper permission checks on images to be replaced and restricts the Replace Image button visibility to authorized users only (WordPress Plugin).