Filtered by vendor Media Library Assistant Project
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0279 | 1 Media Library Assistant Project | 1 Media Library Assistant | 2023-03-03 | N/A | 7.2 HIGH |
The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||||
CVE-2022-41618 | 1 Media Library Assistant Project | 1 Media Library Assistant | 2022-11-28 | N/A | 5.3 MEDIUM |
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. | |||||
CVE-2020-11732 | 1 Media Library Assistant Project | 1 Media Library Assistant | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. | |||||
CVE-2020-11928 | 1 Media Library Assistant Project | 1 Media Library Assistant | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. | |||||
CVE-2020-11731 | 1 Media Library Assistant Project | 1 Media Library Assistant | 2020-04-13 | 4.3 MEDIUM | 6.1 MEDIUM |
The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | |||||
CVE-2018-20982 | 1 Media Library Assistant Project | 1 Media Library Assistant | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. |