3 matches found
CVE-2024-5605
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mlatagcloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2024-5605 Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mlatagcloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress Media Library Assistant Plugin <= 3.16 is vulnerable to SQL Injection
Software Media Library Assistant Type Plugin Vulnerable versions = 3.16 Fixed in 3.17 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5605 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID a2ffbb62fd66 Credits Krzysztof Zając Required privilege Contribut...