Does See attachments have any unpatched vulnerabilities?

No. All known vulnerabilities in See attachments have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is See attachments compatible with WordPress 4.9.29?

According to WordPress.org data, See attachments 1.5.4 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is See attachments updated?

See attachments was last updated on Jan 10, 2023. Frequent updates are generally a positive security signal.

What is See attachments's security score?

See attachments has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

See attachments Security & Risk Analysis

wordpress.org/plugins/see-attachments

Shows all attachments for a post or page in a box on the edit page. Supports all custom post types.

20 active installs v1.5.4 PHP + WP 3.0+ Updated Jan 10, 2023

attachattachmentpagepostsee

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is See attachments Safe to Use in 2026?

Generally Safe

Score 85/100

See attachments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The 'see-attachments' plugin v1.5.4 exhibits a strong security posture in several key areas. The absence of known CVEs and a clean vulnerability history indicate a well-maintained and secure plugin. The code analysis reveals no dangerous functions, raw SQL queries, file operations, or external HTTP requests, which are common sources of vulnerabilities. Furthermore, the plugin uses prepared statements for its SQL queries and has a capability check in place.

However, there are significant concerns regarding output escaping. With 100% of its outputs unescaped, this presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed by the plugin without proper sanitization could be exploited. While the attack surface is minimal and there are no critical taint flows or unsanitized paths identified, the lack of output escaping is a critical flaw that needs immediate attention. The plugin's strengths lie in its clean history and lack of exploitable code patterns, but the pervasive output escaping issue significantly undermines its overall security.

Key Concerns

100% of outputs are unescaped

Vulnerabilities

None known

See attachments Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

See attachments Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped8 total outputs

Attack Surface

See attachments Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

filterplugin_row_metasee-attachments.php:53

actionadd_meta_boxessee-attachments.php:120

Maintenance & Trust

See attachments Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJan 10, 2023

PHP min version

Downloads7K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

See attachments Alternatives

Attachments

attachments

100

Attachments allows you to simply append any number of items from your WordPress Media Library to Posts, Pages, and Custom Post Types

9K No CVEs

Autoremove Attachments

autoremove-attachments

Remove child attachments when parent post, page or custom post type is deleted.

3K No CVEs

Auto Attachments Cleaner

auto-attachments-cleaner

Automatically deletes attachments on post delete

70 No CVEs

All Round Order

all-round-order

Order all items(Pages, Posts, Custom Post Types and attachments) easily with a drag and drop feature

40 No CVEs

PEPS Media SEO Simple

peps-media-seo

Set a custom page/post title, description and social share image. Adds OG Meta tags and Twitter card tags automatically. Add custom code to header, bo …

40 No CVEs

Developer Profile

See attachments Developer Profile

ramon fincken

12 plugins · 5K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

249 days

View full developer profile

Detection Fingerprints

How We Detect See attachments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/see-attachments/images/

HTML / DOM Fingerprints

HTML Comments

Data Attributes

style

FAQ