Vulnerabilities and security researches forattachment-manager attachment-manager

Jun 07, 2024

CVE, Research URL: db3f647bdb78ac3164c77feb81fca03ce01edf2c
Home page URL: Security reports for Attachment Manager
Application: Attachment Manager
Date: Aug 16, 2017
Research Description: Attachment Manager [attachment-manager] < 2.1.2 WordPress Attachment Manager Plugin <= 2.1.1 - Arbitrary File Upload Vulnerability WordPress Attachment Manager Plugin Arbitrary File Upload Vulnerability is prone to a Arbitrary File Upload Vulnerability. In the function hande_actions(), it's missing an additional check for "page" and "wam_add_icon" GET variables. Update the plugin.
Affected versions: Min -, max -.
Status: vulnerable

Jul 19, 2025

CVE, Research URL: CVE-2025-7643
Home page URL: Security reports for Attachment Manager
Application: Attachment Manager
Date: Jul 18, 2025
Research Description: The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Affected versions: Min -, max -.
Status: vulnerable