CVE-2024-6823 – Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action
https://notcve.org/view.php?id=CVE-2024-6823
The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-settings.php#L32 https://plugins.trac.wordpress.org/changeset/3133909 https://wordpress.org/plugins/media-library-assistant/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/9a446fe7-c97a-436e-b494-b924e6518297?source=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5544 – Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-5544
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/3110092 https://www.wordfence.com/threat-intel/vulnerabilities/id/cf0c34d3-5c7d-43a5-9430-2ebdc155123f?source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-5605 – Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter
https://notcve.org/view.php?id=CVE-2024-5605
The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all versions up to, and including, 3.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-support.php#L2783 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3098232%40media-library-assistant&new=3098232%40media-library-assistant&sfp_email=&sfph_mail= https://wordpress.org/plugins/media-library-assistant/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/3ba8a9f5-0633-4cf0-af27-5466d93e9020?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-3519 – Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang
https://notcve.org/view.php?id=CVE-2024-3519
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3 https://www.wordfence.com/threat-intel/vulnerabilities/id/7e1cdaf3-76fe-4b73-b30b-4554f0d34d11?source=cve • CWE-87: Improper Neutralization of Alternate XSS Syntax •
CVE-2024-3518 – Media Library Assistant <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode
https://notcve.org/view.php?id=CVE-2024-3518
The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://plugins.trac.wordpress.org/browser/media-library-assistant/trunk/includes/class-mla-shortcode-custom-list.php#L1971 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3069819%40media-library-assistant%2Ftrunk&old=3060779%40media-library-assistant%2Ftrunk&sfp_email=&sfph_mail=#file3 https://www.wordfence.com/threat-intel/vulnerabilities/id/a7af1a03-8382-4593-a41f-8cdb1bb9e53b?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •