PT-2025-52534 · WordPress · Attachments Handler
Johska · Published 2025-12-20 · Updated 2025-12-20
CVE-2025-12581
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Attachments Handler plugin for WordPress versions up to and including 1.1.7
Description
The Attachments Handler plugin for WordPress is susceptible to Reflected Cross-Site Scripting through a URL parameter. Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link, which then executes the injected script.
Recommendations
Update the Attachments Handler plugin to a version later than 1.1.7.
Fix
XSS
Affected Products
Attachments Handler