Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/06/15 8:18 a.m.8 views

CVE-2025-6012

The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

5.5CVSS5AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2025/06/13 8:15 a.m.16 views

CVE-2025-6012

The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

5.5CVSS0.00246EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/06/13 7:38 a.m.8 views

WordPress Auto Attachments plugin <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by l33ch in WordPress Plugin Auto Attachments versions = 1.8.5...

5.5CVSS5.5AI score0.00246EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/06/13 7:23 a.m.55 views

CVE-2025-6012

CVE-2025-6012 – WordPress Auto Attachments plugin suffers a stored XSS in admin settings for versions up to 1.8.5. The issue arises from insufficient input sanitization and output escaping, enabling authenticated attackers with administrator-level permissions (and above) to inject arbitrary scrip...

5.5CVSS5.1AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 7:23 a.m.16 views

CVE-2025-6012 Auto Attachments <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

5.5CVSS0.00246EPSS
Exploits0References2
Rows per page
Query Builder