4 matches found
CVE-2026-3072
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-3072 Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification
The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mlaupdatecompatfieldsaction function in all versions up to, and including, 3.33. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-3072
CVE-2026-3072 affects the WordPress plugin Media Library Assistant (MLA) up to and including version 3.33. The vulnerability arises from a missing capability check in mla_update_compat_fields_action(), allowing authenticated attackers with Subscriber-level access or higher to modify taxonomy term...
PT-2026-23135
Name of the Vulnerable Software and Affected Versions Media Library Assistant plugin for WordPress versions prior to 3.34 Description The software is susceptible to unauthorized data modification because of a missing capability check within the mla update compat fields action function...