EUVD-2020-4265

Malware in sbrugna...

CVE-2020-11928

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the taxquery, metaquery, or datequery parameter in mlagallery via an admin...

CVE-2024-3518

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVE-2023-24385

CVE-2023-24385 affects the WordPress Med ia Library Assistant plugin (author+ stored XSS) up to version 3.11. Root cause: insufficient escaping/validation of input leading to stored XSS when an authenticated user with author role submits data. Impact: stored cross-site scripting potential; can af...

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...

CVE-2022-41618 WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin = 3.00 on WordPress...

CVE-2018-20982

The CVE concerns the WordPress plugin Media Library Assistant, affected in versions prior to 2.74. The issue is a cross-site scripting (XSS) vulnerability via the Media/Assistant or Settings/Media Library Assistant admin submenu screens, due to the underlying handling in those interfaces. Impact ...