CVE-2025-62888
- EPSS 0.05%
- Veröffentlicht 31.12.2025 14:17:55
- Zuletzt bearbeitet 20.01.2026 15:18:01
Missing Authorization vulnerability in Marco Milesi WP Attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attachments: from n/a through 5.2.
CVE-2023-45651
- EPSS 0.15%
- Veröffentlicht 16.10.2023 09:15:11
- Zuletzt bearbeitet 21.11.2024 08:27:08
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.
CVE-2022-4330
- EPSS 0.21%
- Veröffentlicht 16.01.2023 16:15:11
- Zuletzt bearbeitet 21.11.2024 07:35:04
The WP Attachments WordPress plugin before 5.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...
CVE-2022-3469
- EPSS 0.34%
- Veröffentlicht 14.11.2022 15:15:48
- Zuletzt bearbeitet 05.05.2025 16:15:19
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal...