Media Library Assistant Security Vulnerabilities and Issues — Media Library Assistant CVE List

Lucene search

DavidlingrenMedia Library Assistant

3 matches found

CVE•added 2020/04/20 12:15 a.m.•156 views

CVE-2020-11928

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin.

9.8CVSS9.7AI score0.0755EPSS

CVE•added 2023/09/06 9:15 a.m.•78 views

CVE-2023-4634

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file...

9.8CVSS9.7AI score0.92476EPSS

CVE•added 2024/11/04 11:15 a.m.•42 views

CVE-2024-51661

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19.

9.1CVSS8.3AI score0.03121EPSS