CVE-2025-62888

Missing Authorization vulnerability in Marco Milesi WP Attachments wp-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through = 5.2...

WordPress WP Attachments plugin <= 5.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jitlada in WordPress Plugin WP Attachments versions = 5.2...

EUVD-2023-49942

Malicious code in bioql PyPI...

CVE-2025-5082

The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachmentid’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2025-5082

The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachmentid’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2025-5082

The WP Attachments plugin for WordPress (up to and including version 5.0.12) is vulnerable to Reflected Cross-Site Scripting via the attachment_id parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages t...

CVE-2025-5082 WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter

The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachmentid’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

PT-2025-23065 · WordPress · Wp Attachments

Name of the Vulnerable Software and Affected Versions: WP Attachments plugin for WordPress versions up to, and including, 5.0.12 Description: The issue is related to Reflected Cross-Site Scripting, which allows unauthenticated attackers to inject arbitrary web scripts in pages. This is possible d...

CVE-2023-45651

Cross-Site Request Forgery CSRF vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11...

CVE-2022-4330

The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3469

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

CVE-2023-45651

Cross-Site Request Forgery CSRF vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11...

CVE-2023-45651

Cross-Site Request Forgery CSRF vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11...

CVE-2023-45651

CVE-2023-45651 concerns the WordPress plugin WP Attachments . The vulnerability is a Cross-Site Request Forgery (CSRF) that affects WP Attachments versions up to and including 5.0.11. A fix exists in version 5.0.12 . Multiple connected sources corroborate the CSRF impact and the vendor-provided p...

CVE-2022-4330

The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-4330

The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-4330 WP Attachments < 5.0.6 - Admin+ Stored XSS

The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-4330

CVE-2022-4330 affects the WP Attachments WordPress plugin prior to 5.0.6. The vulnerability arises because the plugin does not sanitise and escape some of its settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setups....

CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

CVE-2022-3469

CVE-2022-3469 affects the WP Attachments WordPress plugin prior to 5.0.5. The issue is that certain settings are not properly sanitized/escaped, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite setups)...