Title: Security compromised
Last modified: June 26, 2025

---

# Security compromised

 *  [nicubunu](https://wordpress.org/support/users/nicubunu/)
 * (@nicubunu)
 * [11 months, 2 weeks ago](https://wordpress.org/support/topic/security-compromised-2/)
 * Our hosting reported this plugin is vulnerable and asked us to disable/replace
   it immediately. Info about vulnerability: [https://nvd.nist.gov/vuln/detail/CVE-2025-49995](https://nvd.nist.gov/vuln/detail/CVE-2025-49995)
 * Any plans for an update to fix it?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [dFactory](https://wordpress.org/support/users/dfactory/)
 * (@dfactory)
 * [11 months, 2 weeks ago](https://wordpress.org/support/topic/security-compromised-2/#post-18536953)
 * We’ve been reported this.
 * Thing is it’s not a security issue but a plugin feature that can be easilly changed
   with one option that exists in the plugin. It’s about downloading an attachment
   by numeric id. We’ve explained them that that is a core plugin feature, but if
   you don’t like it this way and there is an option to switch from numeric to unique
   encrypted id (which can’t be identified).
 * They ignored these explanations – did not reply to our email and marked the plugin
   as having security issues.
 *  Thread Starter [nicubunu](https://wordpress.org/support/users/nicubunu/)
 * (@nicubunu)
 * [11 months, 2 weeks ago](https://wordpress.org/support/topic/security-compromised-2/#post-18537347)
 * This is on a couple of government websites, we aren’t allowed to run software
   with open CVEs. I will have to remove the plugin and maybe look for an alternative.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security compromised’ is closed to new replies.

 * ![](https://ps.w.org/download-attachments/assets/icon-256x256.png?rev=1018456)
 * [Download Attachments](https://wordpress.org/plugins/download-attachments/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/download-attachments/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/download-attachments/)
 * [Active Topics](https://wordpress.org/support/plugin/download-attachments/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/download-attachments/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/download-attachments/reviews/)

 * 2 replies
 * 3 participants
 * Last reply from: [nicubunu](https://wordpress.org/support/users/nicubunu/)
 * Last activity: [11 months, 2 weeks ago](https://wordpress.org/support/topic/security-compromised-2/#post-18537347)
 * Status: not resolved