3 matches found
CVE-2022-3469
CVE-2022-3469 affects the WP Attachments WordPress plugin prior to 5.0.5. The issue is that certain settings are not properly sanitized/escaped, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite setups)...
CVE-2022-4330
CVE-2022-4330 affects the WP Attachments WordPress plugin prior to 5.0.6. The vulnerability arises because the plugin does not sanitise and escape some of its settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setups....
CVE-2023-45651
CVE-2023-45651 concerns the WordPress plugin WP Attachments . The vulnerability is a Cross-Site Request Forgery (CSRF) that affects WP Attachments versions up to and including 5.0.11. A fix exists in version 5.0.12 . Multiple connected sources corroborate the CSRF impact and the vendor-provided p...