Media Library Assistant Security Vulnerabilities and Issues — Media Library Assistant CVE List

Lucene search

DavidlingrenMedia Library Assistant

3 matches found

CVE•added 2024/05/22 12:15 a.m.•48 views

CVE-2024-3518

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

8.8CVSS8.7AI score0.00837EPSS

CVE•added 2024/06/20 4:15 a.m.•44 views

CVE-2024-5605

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...

8.8CVSS8.7AI score0.00375EPSS

CVE•added 2024/08/13 6:15 a.m.•40 views

CVE-2024-6823

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level acc...

8.8CVSS8.9AI score0.02663EPSS