Media Library Assistant
by WordPress
Source repositories
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24385 | 0.00 | — | 0.00 | Oct 17, 2023 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions. | |||
| CVE-2023-34010 | 0.00 | — | 0.00 | Aug 5, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions. | |||
| CVE-2023-0279 | 0.00 | — | 0.01 | Feb 27, 2023 | The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | |||
| CVE-2022-41618 | 0.00 | — | 0.01 | Nov 18, 2022 | Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. | |||
| CVE-2020-11731 | 0.00 | — | 0.01 | Apr 13, 2020 | The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | |||
| CVE-2018-20982 | 0.00 | — | 0.01 | Aug 22, 2019 | The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. |
- CVE-2023-24385Oct 17, 2023risk 0.00cvss —epss 0.00
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.
- CVE-2023-34010Aug 5, 2023risk 0.00cvss —epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions.
- CVE-2023-0279Feb 27, 2023risk 0.00cvss —epss 0.01
The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
- CVE-2022-41618Nov 18, 2022risk 0.00cvss —epss 0.01
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.
- CVE-2020-11731Apr 13, 2020risk 0.00cvss —epss 0.01
The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.
- CVE-2018-20982Aug 22, 2019risk 0.00cvss —epss 0.01
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.
Page 2 of 2