{"id":6815,"date":"2025-06-13T03:09:17","date_gmt":"2025-06-13T03:09:17","guid":{"rendered":"http:\/\/localhost\/?p=6815"},"modified":"2025-06-13T03:09:17","modified_gmt":"2025-06-13T03:09:17","slug":"auto-attachments-185-authenticated-administrator-stored-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6815","title":{"rendered":"Auto Attachments <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nAuto Attachments <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-13T07:23:46.262Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nkaisercrazy<\/td>\n<\/tr>\n
Product<\/th>\nAuto Attachments<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.5 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:H\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:L<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via admin settings in versions up to 1.8.5. This vulnerability allows authenticated attackers with administrator privileges to inject malicious scripts into pages, which execute when accessed. It only affects multi-site installations and those with unfiltered_html disabled.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
Product<\/th>\nAuto Attachments<\/td>\n<\/tr>\n
Affected Version<\/th>\n<= 1.8.5<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n