CVE-2025-5082

The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachmentid’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2025-5082

The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachmentid’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...

CVE-2025-5082

The WP Attachments plugin for WordPress (up to and including version 5.0.12) is vulnerable to Reflected Cross-Site Scripting via the attachment_id parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages t...

CVE-2022-4330

The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3469

The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...

CVE-2023-45651

CVE-2023-45651 concerns the WordPress plugin WP Attachments . The vulnerability is a Cross-Site Request Forgery (CSRF) that affects WP Attachments versions up to and including 5.0.11. A fix exists in version 5.0.12 . Multiple connected sources corroborate the CSRF impact and the vendor-provided p...