cleantalk
Vulnerabilities and Security Researches

Attachment Manager, db3f647bdb78ac3164c77feb81fca03ce01edf2c

CVE, Research URL

db3f647bdb78ac3164c77feb81fca03ce01edf2c

Home page URL

Security reports for Attachment Manager

Application

Attachment Manager

Published on
Aug 16, 2017
Research Description
Attachment Manager [attachment-manager] < 2.1.2 WordPress Attachment Manager Plugin <= 2.1.1 - Arbitrary File Upload Vulnerability WordPress Attachment Manager Plugin Arbitrary File Upload Vulnerability is prone to a Arbitrary File Upload Vulnerability. In the function hande_actions(), it's missing an additional check for "page" and "wam_add_icon" GET variables. Update the plugin.
Affected versions
Min -, max 2.1.2.
Status
vulnerable
Previous vulnerability researches
Attachment Manager (CVE-2025-7643) , Jul 19, 2025
Attachment Manager (db3f647bdb78ac3164c77feb81fca03ce01edf2c) , Jun 07, 2024
New vulnerability
Maya Business Plugin (CVE-2025-53208) , Jul 20, 2025
Ghost Kit – Page Builder Blocks &amp; Extensions (CVE-2025-53567) , Jul 20, 2025
Master Addons for Elementor (CVE-2025-5284) , Jul 20, 2025
Attachment Manager (CVE-2025-7643) , Jul 19, 2025
B1.lt (CVE-2025-6718) , Jul 19, 2025