WP Attachments enhances the download experience and file management in WordPress. It automatically displays attachments in your posts and pages, so you don’t need to manually insert download links.
Easily attach, unattach, or reattach files directly from the media library.
Key Features:
– 🤖 Automatically displays attachments after post content
– ℹ️ Backend metabox for managing attachments
– 🔃 Quick Attach, Unattach, and Reattach actions in the Media Library
– 🔢 Download counter with anti-spam and logged-in user filtering
– 🧑💻 Developer hooks and filters for customization
– 🛍️ WooCommerce compatible
– 🎨 Five icon packs to choose from
– 📜 Supports posts, pages, and custom post types
– 🎢 Customizable themes (title, date, size, caption, and more)
Contributions
- Part of WPGov.it, providing open source solutions for Italian Public Government websites.
- Thanks to the Italian community Porte Aperte sul Web for beta testing and ideas.
- Metabox based on IJ Post Attachments
- Some icons by Yusuke Kamiyamane.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.1 MEDIUM | — | ||
The WP Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attachment_id’ parameter in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||