Davidlingren

Media Library Assistant

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-34897

  • EPSS 0.03%
  • Veröffentlicht 06.04.2026 14:50:48
  • Zuletzt bearbeitet 07.04.2026 13:20:35

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through 3.34.

8.5

CVE-2026-34885

  • EPSS 5.71%
  • Veröffentlicht 06.04.2026 14:47:31
  • Zuletzt bearbeitet 07.04.2026 13:20:35

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34.

8.5

CVE-2026-32399

  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 11:42:12
  • Zuletzt bearbeitet 16.03.2026 14:53:46

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a throug...

5.4

CVE-2025-63065

  • EPSS 0.05%
  • Veröffentlicht 09.12.2025 14:52:34
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n...

5.9

CVE-2025-59590

  • EPSS 0.03%
  • Veröffentlicht 22.09.2025 19:16:27
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through <= 3.28...

5.4

CVE-2025-7035

  • EPSS 0.06%
  • Veröffentlicht 16.07.2025 09:22:56
  • Zuletzt bearbeitet 23.07.2025 19:14:56

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output esc...

5.9

CVE-2025-31627

  • EPSS 0.14%
  • Veröffentlicht 31.03.2025 13:15:57
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through <= 3.24...

6.1

CVE-2024-11974

  • EPSS 1.41%
  • Veröffentlicht 04.01.2025 08:15:05
  • Zuletzt bearbeitet 31.03.2025 14:00:33

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions up to, and including, 3.23 due to insufficient input...

7.2

CVE-2024-51661

  • EPSS 1.45%
  • Veröffentlicht 04.11.2024 11:15:06
  • Zuletzt bearbeitet 01.04.2026 16:19:33

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.This issue affects Media LIbrary Assistant: from n/a th...

8.8

CVE-2024-6823

  • EPSS 11.84%
  • Veröffentlicht 13.08.2024 06:15:05
  • Zuletzt bearbeitet 07.02.2025 19:13:03

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible f...