27 matches found
CVE-2025-62888 WordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attachments: from n/a through <= 5.2...
CVE-2025-62888
CVE-2025-62888 : Affected software is the WP Attachments plugin for WordPress, with a Missing Authorization vulnerability reported for versions “n/a through 5.2.” The provided CVSS 3.1 vector indicates network access with low privileges and no user interaction, resulting in confidentiality/availa...
CVE-2025-62888 WordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attachments: from n/a through 5.2...
WordPress plugin WP Attachments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin Import external attachments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-11701
The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the zacreatezipcallback function in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to...
EUVD-2025-34547
The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to delete arbitrary files from the...
CVE-2025-11692
CVE-2025-11692 affects the Zip Attachments WordPress plugin (versions up to 1.6). The vulnerability is due to missing authorization/capability checks on download.php, enabling unauthenticated attackers to delete arbitrary files in the wp_upload_dir. Connected sources (Wordfence, NVD, CVE records)...
EUVD-2023-50331
Malicious code in bioql PyPI...
CVE-2025-5082
The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2025-5082
The WP Attachments plugin for WordPress (up to and including version 5.0.12) is vulnerable to Reflected Cross-Site Scripting via the attachment_id parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages t...
WordPress plugin WP Attachments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress WP Attachments plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...
CVE-2022-4330
The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-3469
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-46070
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Emmanuel GEORJON EG-Attachments plugin = 2.1.3 versions...
PT-2023-29823 · Emmanuel Georjon · Eg-Attachments
Name of the Vulnerable Software and Affected Versions: Emmanuel GEORJON EG-Attachments plugin versions = 2.1.3 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them ...
CVE-2023-45651
CVE-2023-45651 concerns the WordPress plugin WP Attachments. The vulnerability is a Cross-Site Request Forgery (CSRF) that affects WP Attachments versions up to and including 5.0.11. A fix exists in version 5.0.12. Multiple connected sources corroborate the CSRF impact and the vendor-provided p...