Davidlingren

Media Library Assistant

27 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-51661

  • EPSS 1.09%
  • Veröffentlicht 04.11.2024 11:15:06
  • Zuletzt bearbeitet 23.04.2026 15:20:30

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.This issue affects Media LIbrary Assistant: from n/a th...

8.8

CVE-2024-6823

  • EPSS 1.3%
  • Veröffentlicht 13.08.2024 06:15:05
  • Zuletzt bearbeitet 07.02.2025 19:13:03

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible f...

6.1

CVE-2024-5544

  • EPSS 0.36%
  • Veröffentlicht 02.07.2024 08:15:06
  • Zuletzt bearbeitet 08.04.2026 19:21:57

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for...

8.8

CVE-2024-5605

  • EPSS 0.58%
  • Veröffentlicht 20.06.2024 04:15:18
  • Zuletzt bearbeitet 08.04.2026 18:22:09

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied param...

6.1

CVE-2024-3519

  • EPSS 0.33%
  • Veröffentlicht 22.05.2024 00:15:08
  • Zuletzt bearbeitet 08.04.2026 18:21:26

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for ...

6.5

CVE-2024-3518

  • EPSS 0.53%
  • Veröffentlicht 22.05.2024 00:15:08
  • Zuletzt bearbeitet 08.04.2026 19:21:21

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

7.7

CVE-2024-2871

  • EPSS 0.49%
  • Veröffentlicht 09.04.2024 19:15:38
  • Zuletzt bearbeitet 08.04.2026 18:21:15

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

5.4

CVE-2024-2475

  • EPSS 0.44%
  • Veröffentlicht 29.03.2024 05:15:46
  • Zuletzt bearbeitet 08.04.2026 18:21:06

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attribute...

4.8

CVE-2023-24385

  • EPSS 0.34%
  • Veröffentlicht 17.10.2023 09:15:09
  • Zuletzt bearbeitet 21.11.2024 07:47:45

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.

5.4

CVE-2023-4716

  • EPSS 0.47%
  • Veröffentlicht 22.09.2023 06:15:11
  • Zuletzt bearbeitet 08.04.2026 19:18:33

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attribute...