23 matches found
EUVD-2025-144314
Malicious code in namei-mla-anuu npm...
EUVD-2025-144321
Malicious code in namei-mla-abunubuiau npm...
Malicious code in namei-mla-anuiau (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a859d09c9b914137d09e3fb42407d39f7ccad5ccd103c092648ada0706971b7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-144317
Malicious code in namei-mla-anubiau npm...
EUVD-2025-144318
Malicious code in namei-mla-anu npm...
EUVD-2025-144320
Malicious code in namei-mla-ainianu npm...
EUVD-2025-144322
Malicious code in namei-mla-abnubuiau npm...
EUVD-2025-144316
Malicious code in namei-mla-anubuiau npm...
EUVD-2025-144319
Malicious code in namei-mla-aninu npm...
EUVD-2025-144315
Malicious code in namei-mla-anuiau npm...
CVE-2025-11738
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can...
CVE-2025-11738 Media Library Assistant <= 3.29 - Unauthenticated Limited File Read
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can...
CVE-2025-11738 Media Library Assistant <= 3.29 - Unauthenticated Limited File Read
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can...
WordPress Media Library Assistant plugin <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action vulnerability
Authenticated Author+ Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action vulnerability discovered by wesley wcraft in WordPress Plugin Media LIbrary Assistant versions = 3.18...
PT-2024-36685 · WordPress · Media Library Assistant
Name of the Vulnerable Software and Affected Versions: Media Library Assistant plugin for WordPress versions up to, and including, 3.16 Description: The issue allows authenticated attackers with contributor-level access and above to perform time-based SQL Injection via the order parameter within...
CVE-2023-4716
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mlagallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-4634
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mlastreamfile' parameter from the /includes/mla-stream-image.php file,...
PT-2023-4919
Name of the Vulnerable Software and Affected Versions Media Library Assistant plugin for WordPress versions up to, and including, 3.09 Description The issue is related to insufficient controls on file paths being supplied to the mla stream file parameter from the /includes/mla-stream-image.php...
VulnCheck KEV: CVE-2020-11732
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mlagallery link=download...
CVE-2020-11732
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mlagallery link=download...