CVE-2023-4634
- EPSS 82.59%
- Veröffentlicht 06.09.2023 09:15:08
- Zuletzt bearbeitet 08.04.2026 17:17:03
The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parame...
CVE-2023-34010
- EPSS 0.32%
- Veröffentlicht 05.08.2023 23:15:11
- Zuletzt bearbeitet 21.11.2024 08:06:23
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions.
CVE-2022-41618
- EPSS 0.53%
- Veröffentlicht 18.11.2022 23:15:25
- Zuletzt bearbeitet 21.11.2024 07:23:30
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.
CVE-2020-11928
- EPSS 3.56%
- Veröffentlicht 20.04.2020 00:15:10
- Zuletzt bearbeitet 21.11.2024 04:58:55
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin.
CVE-2020-11732
- EPSS 4.92%
- Veröffentlicht 13.04.2020 02:15:10
- Zuletzt bearbeitet 21.11.2024 04:58:30
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
CVE-2020-11731
- EPSS 1.15%
- Veröffentlicht 13.04.2020 02:15:10
- Zuletzt bearbeitet 21.11.2024 04:58:30
The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.
CVE-2018-20982
- EPSS 0.92%
- Veröffentlicht 22.08.2019 13:15:12
- Zuletzt bearbeitet 21.11.2024 04:02:37
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.