Attachment Slugs for WordPress Security & Risk Analysis

wordpress.org/plugins/attachment-slug

Enables permalink support for media attachments making the URLs more friendly and great for SEO.

100 active installs · v2.0.0 · PHP 5.6+ · WP 4.4+ · Updated Dec 13, 2022
Tags: attachment, attachment-slug, attachments, image-slug, page-slug
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Attachment Slugs for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

Attachment Slugs for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The attachment-slug plugin v2.0.0 has a generally good security posture: it has no known vulnerabilities in its history, and all of its SQL queries (100%) use prepared statements. The absence of direct entry points such as AJAX handlers, REST API routes, and shortcodes is a significant strength. However, static analysis reveals two critical taint flows with unsanitized paths, which could lead to vulnerabilities if those paths are reachable and the data is user-controlled. Most of the plugin's output is escaped, but a portion is not, which could present a risk of cross-site scripting (XSS); the severity depends on the context of the unescaped output. The lack of capability checks on its functions is a concern, especially if any sensitive operations are performed without proper authorization, though the absence of direct entry points mitigates this to some extent. Overall, the plugin's clean vulnerability history and secure SQL practices are positives, but the identified taint flows and unescaped outputs warrant attention.

Key Concerns

  • Taint flows with unsanitized paths (High severity)
  • Unescaped output found (22%)
  • No capability checks
Vulnerabilities
None known

Attachment Slugs for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Attachment Slugs for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 5 (18 escaped)
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

78% escaped · 23 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
save_individual_slug (attachment-slug.php:256)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Attachment Slugs for WordPress Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9

  • action admin_init (attachment-slug.php:88)
  • action admin_init (attachment-slug.php:91)
  • filter attachment_link (attachment-slug.php:94)
  • action init (attachment-slug.php:97)
  • action init (attachment-slug.php:100)
  • action attachment_submitbox_misc_actions (attachment-slug.php:104)
  • action attachment_updated (attachment-slug.php:105)
  • action admin_notices (attachment-slug.php:124)
  • filter plugin_locale (attachment-slug.php:319)
Maintenance & Trust

Attachment Slugs for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Dec 13, 2022
PHP min version: 5.6
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 100
Developer Profile

Attachment Slugs for WordPress Developer Profile

Sébastien Dumont

15 plugins · 2K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Attachment Slugs for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/attachment-slug/admin/views/html-notice-requirement-wp.php

HTML / DOM Fingerprints

CSS Classes
misc-pub-attachment-slug
Data Attributes
attachment_slug
id="attachment_slug"