Does WP Attachment Export have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Attachment Export compatible with WordPress 4.3.34?

According to WordPress.org data, WP Attachment Export 0.3.3 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is WP Attachment Export updated?

WP Attachment Export was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is WP Attachment Export's security score?

WP Attachment Export has a WP-Safety security score of 84/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Attachment Export Security & Risk Analysis

wordpress.org/plugins/wp-attachment-export

Exports only posts of type 'attachment', i.e. your media library

700 active installs v0.3.3 PHP + WP 3.0+ Updated Nov 28, 2017

adminattachmentsexportimagemedia

B · Generally Safe

CVEs total1

Unpatched0

Last CVEJul 15, 2015

Plugin page Download

Safety Verdict

Is WP Attachment Export Safe to Use in 2026?

Mostly Safe

Score 84/100

WP Attachment Export is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.

1 known CVELast CVE: Jul 15, 2015Updated 8yr ago

Risk Assessment

The wp-attachment-export plugin, at version 0.3.3, presents a mixed security posture. While the static analysis indicates a remarkably small attack surface with no apparent direct entry points like AJAX handlers, REST API routes, or shortcodes without authentication, and no dangerous functions or file operations, there are significant concerns regarding output escaping and historical vulnerabilities. The fact that 100% of the observed output is not properly escaped is a major red flag, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is ever incorporated into output without sanitization. The presence of a historical high-severity vulnerability, specifically a 'Missing Authorization' issue, even though it's patched, suggests a past oversight in securing sensitive functionalities. This, combined with the unescaped output, indicates a potential for security weaknesses if not meticulously developed and maintained.

Key Concerns

100% of observed outputs are not properly escaped
History of 1 high severity vulnerability (Missing Authorization)

Vulnerabilities

1 published

WP Attachment Export Security Vulnerabilities

CVEs by Year

1 CVE in 2015

2015

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2015-20067high · 7.5Missing Authorization

WP Attachment Export < 0.2.4 - Arbitrary File Download

Jul 15, 2015 Patched in 0.2.4 (3114d)

Version History

WP Attachment Export Release Timeline

v0.3.3Current

v0.3.2

v0.3.1

v0.3

v0.2.4

v0.2.31 CVE

v0.2.21 CVE

v0.2.11 CVE

v0.2.01 CVE

v0.1.01 CVE

Code Analysis

Analyzed Mar 16, 2026

WP Attachment Export Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

67% prepared3 total queries

Output Escaping

0% escaped1 total outputs

Attack Surface

WP Attachment Export Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menuwp-attachment-export.php:22

actionwp_loadedwp-attachment-export.php:23

actionplugins_loadedwp-attachment-export.php:25

Maintenance & Trust

WP Attachment Export Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedNov 28, 2017

PHP min version

Downloads53K

Community Trust

Rating92/100

Number of ratings19

Active installs700

Alternatives

WP Attachment Export Alternatives

Media Deduper

media-deduper

100

Save disk space and bring some order to the chaos of your media library by removing and preventing duplicate files.

9K No CVEs

WEN Featured Image

wen-featured-image

100

Add featured image column in listings. Add/change/remove featured image directly from the listing page

3K No CVEs

Media Library File Download

media-download

A lightweight plugin that adds one-click download and export functionality to your Media Library.

1K 1 unpatched

Hotlink File Prevention

hotlink-file-prevention

Simple hotlink protection for individual files in the media library.

700 No CVEs

Default Media Uploader View

default-media-uploader-view

Sets "Uploaded to this post" instead of "All media items" as the default view in the media uploader.

500 No CVEs

Developer Profile

WP Attachment Export Developer Profile

Pete

1 plugin · 700 total installs

trust score

Avg Security Score

84/100

Avg Patch Time

3114 days

View full developer profile

Detection Fingerprints

How We Detect WP Attachment Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

name="content"value="attachment"name="post_author"name="attachment_start_date"id="attachment-start-date"name="attachment_end_date"+4 more

FAQ

WP Attachment Export Security & Risk Analysis

Is WP Attachment Export Safe to Use in 2026?

Mostly Safe

Key Concerns

WP Attachment Export Security Vulnerabilities

CVEs by Year

Severity Breakdown

WP Attachment Export Release Timeline

WP Attachment Export Code Analysis

SQL Query Safety

Output Escaping

WP Attachment Export Attack Surface

WP Attachment Export Maintenance & Trust

Maintenance Signals

Community Trust

WP Attachment Export Alternatives

Media Deduper

WEN Featured Image

Media Library File Download

Hotlink File Prevention

Default Media Uploader View

WP Attachment Export Developer Profile

How We Detect WP Attachment Export

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WP Attachment Export