WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion

A vulnerability in the Wordpress Media-Library-Assistant plugins in version 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. id: CVE-2023-4634 info: name: Media Library Assistant 3.09 - Remote Code Execution/Local File Inclusion...

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

EUVD-2026-37895

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

CVE-2026-56012 WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...

CVE-2026-54198

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

CVE-2026-54198

CVE-2026-54198 affects the WordPress Media Library Assistant plugin up to version 3.35. The vulnerability is an unauthenticated cross-site scripting (XSS) in the plugin (reflected XSS per CVE record) with a CVSS 3.1 base score of 7.1 (HIGH). Attack vector: Network; privileges required: NONE; user...

CVE-2026-54198 WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

EUVD-2026-37055

Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...

EUVD-2026-35988

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

UBUNTU-CVE-2026-52907

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from vs = to avoid accessing one element beyond the end of the arrays. While at it, use ARRAYSIZE instead of the MAX enum values. fix cosmetic issues...

PT-2026-48235

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

CVE-2026-10038

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

EUVD-2026-34927

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

CVE-2026-10038

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to Arbitrary Attachment Deletion in versions up to, and including, 1.8.11.1 via the profile avatar...

CVE-2026-10038

The Charitable – Donation Plugin for WordPress (Charitable) up to version 1.8.11.1 is affected by an Insecure Direct Object Reference/Authorization Bypass that enables Arbitrary Attachment Deletion via the profile avatar update flow. The issue stems from save_avatar() calling wp_delete_attachment...