Media Library Assistant Security Vulnerabilities and Issues — Media Library Assistant CVE List

Lucene search

DavidlingrenMedia Library Assistant

8 matches found

CVE•added 2024/04/09 7:15 p.m.•50 views

CVE-2024-2871

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

7.7CVSS9.3AI score0.00215EPSS

CVE•added 2024/03/29 5:15 a.m.•49 views

CVE-2024-2475

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attac...

6.4CVSS7.6AI score0.00167EPSS

CVE•added 2024/05/22 12:15 a.m.•48 views

CVE-2024-3518

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

8.8CVSS8.7AI score0.00837EPSS

CVE•added 2024/05/22 12:15 a.m.•45 views

CVE-2024-3519

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.2AI score0.00736EPSS

CVE•added 2024/07/02 8:15 a.m.•44 views

CVE-2024-5544

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS6.2AI score0.00609EPSS

CVE•added 2024/06/20 4:15 a.m.•44 views

CVE-2024-5605

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the ex...

8.8CVSS8.7AI score0.00276EPSS

CVE•added 2024/11/04 11:15 a.m.•42 views

CVE-2024-51661

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19.

9.1CVSS8.3AI score0.03121EPSS

CVE•added 2024/08/13 6:15 a.m.•40 views

CVE-2024-6823

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level acc...

8.8CVSS8.9AI score0.02663EPSS