Davidlingren Media Library Assistant — known CVE vulnerabilities
Every CVE whose affected-product data names Davidlingren Media Library Assistant, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-4634 — CVSS 9.8 (critical): The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and…
CVE-2020-11928 — CVSS 9.8 (critical): In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or…
CVE-2024-51661 — CVSS 9.1 (critical): Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary…
CVE-2024-3518 — CVSS 8.8 (high): The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and…
CVE-2024-6823 — CVSS 8.8 (high): The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the…
CVE-2024-5605 — CVSS 8.8 (high): The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the…
CVE-2020-11732 — CVSS 7.5 (high): The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
CVE-2024-2475 — CVSS 6.4 (medium): The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions…
CVE-2025-7035 — CVSS 6.4 (medium): The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and…
CVE-2023-4716 — CVSS 6.4 (medium): The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions…
CVE-2024-2871 — CVSS 6.4 (medium): The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and…
CVE-2024-11974 — CVSS 6.1 (medium): The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab'…
CVE-2020-11731 — CVSS 6.1 (medium): The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library…
CVE-2018-20982 — CVSS 6.1 (medium): The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin…
CVE-2024-3519 — CVSS 6.1 (medium): The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up…
CVE-2024-5544 — CVSS 6.1 (medium): The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up…
CVE-2023-24385 — CVSS 5.9 (medium): Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.
CVE-2023-34010 — CVSS 5.8 (medium): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions.
CVE-2022-41618 — CVSS 3.7 (low): Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.