Davidlingren

Media Library Assistant

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-63065

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 14:52:34
  • Zuletzt bearbeitet 17.02.2026 10:15:57

Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through 3.29.

5.9

CVE-2025-59590

  • EPSS 0.03%
  • Veröffentlicht 22.09.2025 19:16:27
  • Zuletzt bearbeitet 22.09.2025 21:22:16

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.28.

5.4

CVE-2025-7035

  • EPSS 0.04%
  • Veröffentlicht 16.07.2025 09:22:56
  • Zuletzt bearbeitet 23.07.2025 19:14:56

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output esc...

5.9

CVE-2025-31627

  • EPSS 0.17%
  • Veröffentlicht 31.03.2025 13:15:57
  • Zuletzt bearbeitet 01.04.2025 20:26:30

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media Library Assistant allows Stored XSS. This issue affects Media Library Assistant: from n/a through 3.24.

6.1

CVE-2024-11974

  • EPSS 1.07%
  • Veröffentlicht 04.01.2025 08:15:05
  • Zuletzt bearbeitet 31.03.2025 14:00:33

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions up to, and including, 3.23 due to insufficient input...

7.2

CVE-2024-51661

  • EPSS 2.06%
  • Veröffentlicht 04.11.2024 11:15:06
  • Zuletzt bearbeitet 08.11.2024 15:02:08

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection.This issue affects Media Library Assistant: from n/a through 3.19.

8.8

CVE-2024-6823

  • EPSS 11.84%
  • Veröffentlicht 13.08.2024 06:15:05
  • Zuletzt bearbeitet 07.02.2025 19:13:03

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible f...

6.1

CVE-2024-5544

  • EPSS 1.3%
  • Veröffentlicht 02.07.2024 08:15:06
  • Zuletzt bearbeitet 21.11.2024 09:47:53

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for...

8.8

CVE-2024-5605

  • EPSS 0.7%
  • Veröffentlicht 20.06.2024 04:15:18
  • Zuletzt bearbeitet 21.11.2024 09:48:00

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied param...

6.5

CVE-2024-3518

  • EPSS 1.13%
  • Veröffentlicht 22.05.2024 00:15:08
  • Zuletzt bearbeitet 07.02.2025 19:10:44

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...