12 matches found
CVE-2025-62888
Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attachments: from n/a through <= 5.2...
EUVD-2025-205949
Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attachments: from n/a through 5.2...
CVE-2025-62888 WordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attachments: from n/a through 5.2...
WordPress plugin WP Attachments security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-54341
Name of the Vulnerable Software and Affected Versions: Marco Milesi WP Attachments versions through 5.2 Description: A missing authorization issue exists in Marco Milesi WP Attachments, stemming from incorrectly configured access control security levels. This allows for potential exploitation of th...
CVE-2025-12581
The Attachments Handler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
WordPress plugin WP Attachments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-14189 · WordPress · Wp Attachments
Name of the Vulnerable Software and Affected Versions: WP Attachments WordPress plugin versions prior to 5.0.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example in...
WP Attachments < 5.0.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC Put the following payload in the "List Head" ...
CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress plugin WP Attachments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-22298 · WordPress · Wp Attachments
Name of the Vulnerable Software and Affected Versions: WP Attachments versions prior to 5.0.5 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitized and escaped. The atta...