Davidlingren

Media Library Assistant

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-5544

  • EPSS 1.3%
  • Veröffentlicht 02.07.2024 08:15:06
  • Zuletzt bearbeitet 08.04.2026 19:21:57

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for...

8.8

CVE-2024-5605

  • EPSS 0.7%
  • Veröffentlicht 20.06.2024 04:15:18
  • Zuletzt bearbeitet 08.04.2026 18:22:09

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied param...

6.1

CVE-2024-3519

  • EPSS 1.99%
  • Veröffentlicht 22.05.2024 00:15:08
  • Zuletzt bearbeitet 08.04.2026 18:21:26

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for ...

6.5

CVE-2024-3518

  • EPSS 1.13%
  • Veröffentlicht 22.05.2024 00:15:08
  • Zuletzt bearbeitet 08.04.2026 19:21:21

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

7.7

CVE-2024-2871

  • EPSS 0.29%
  • Veröffentlicht 09.04.2024 19:15:38
  • Zuletzt bearbeitet 08.04.2026 18:21:15

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

5.4

CVE-2024-2475

  • EPSS 0.23%
  • Veröffentlicht 29.03.2024 05:15:46
  • Zuletzt bearbeitet 08.04.2026 18:21:06

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attribute...

4.8

CVE-2023-24385

  • EPSS 0.06%
  • Veröffentlicht 17.10.2023 09:15:09
  • Zuletzt bearbeitet 21.11.2024 07:47:45

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.

5.4

CVE-2023-4716

  • EPSS 0.13%
  • Veröffentlicht 22.09.2023 06:15:11
  • Zuletzt bearbeitet 08.04.2026 19:18:33

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attribute...

9.8

CVE-2023-4634

Exploit
  • EPSS 92.06%
  • Veröffentlicht 06.09.2023 09:15:08
  • Zuletzt bearbeitet 08.04.2026 17:17:03

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parame...

6.1

CVE-2023-34010

  • EPSS 0.08%
  • Veröffentlicht 05.08.2023 23:15:11
  • Zuletzt bearbeitet 21.11.2024 08:06:23

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin  <= 3.0.7 versions.