PT-2025-52534 · WordPress · Attachments Handler
Johska · Published 2025-12-20 · Updated 2025-12-20 · CVE-2025-12581
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Attachments Handler plugin for WordPress versions up to and including 1.1.7
Description
The Attachments Handler plugin for WordPress is susceptible to Reflected Cross-Site Scripting through a URL parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link, which then executes the injected script.
Recommendations
Update the Attachments Handler plugin to a version later than 1.1.7.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Attachments Handler