List Related Attachments Security & Risk Analysis
wordpress.org/plugins/list-related-attachments-widgetListed Related Attachments will display a filtered list of all related attachments for the current post or page.
Is List Related Attachments Safe to Use in 2026?
Use With Caution
Score 64/100List Related Attachments has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The list-related-attachments-widget plugin v2.1.6 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all SQL queries and not performing file operations or external HTTP requests. It also has a minimal attack surface with only one shortcode and no AJAX handlers or REST API routes. However, a significant concern is the low percentage of properly escaped output (5%), indicating a strong potential for Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on its single entry point (the shortcode) further exacerbates this risk, as it could allow unauthenticated users to trigger potentially vulnerable code paths.
The vulnerability history reveals a recent medium-severity XSS vulnerability (last patched on 2025-02-24), which directly aligns with the output escaping concerns identified in the static analysis. The fact that this vulnerability is currently unpatched is a critical red flag. While the plugin avoids several common security pitfalls, the combination of insufficient output escaping and the presence of an unpatched XSS vulnerability, coupled with a lack of nonce checks on its sole entry point, presents a notable risk to users.
Key Concerns
- Unpatched CVE (Medium Severity XSS)
- Low percentage of properly escaped output (5%)
- No nonce checks on entry points (shortcode)
List Related Attachments Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
List Related Attachments <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
List Related Attachments Release Timeline
List Related Attachments Code Analysis
Output Escaping
List Related Attachments Attack Surface
Shortcodes 1
WordPress Hooks 5
Maintenance & Trust
List Related Attachments Maintenance & Trust
Maintenance Signals
Community Trust
List Related Attachments Alternatives
NS Category Widget
ns-category-widget
A plugin to add widget for listing Categories and Taxonomies. Extending Default WordPress Category Widget.
Swifty Image Widget
swifty-image-widget
Super simple but powerful widget that allows adding single or multiple images to your widget positions, using native media uploader.
Attach Files Widget
attach-files-widget
Simple attachment widget that uses native Wordpress upload manager to add files link widgets to your site.
Sub Page Hierarchy Widget
page-hierarchy-plug-in
An easy widget to let you show a clickable list of pages linked to a particular 'parent' page on your site
WPJM Related Jobs
wpjm-related-jobs
WPJM Related Jobs is an addon of WP Job Manager plugin. Its display related job list on job detail page with filtered by Job Type and Company name
List Related Attachments Developer Profile
3 plugins · 140 total installs
How We Detect List Related Attachments
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
list-related-attachmime-pdfmime-imagemime-pngmime-jpegmime-gifmime-tiff+22 more<ul class = "list-related-attach<li><a href="