CVE-2022-41618 – WordPress Media Library Assistant plugin <= 3.00 - Unauthenticated Error Log Disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-41618
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. Vulnerabilidad de Divulgación de Registro de Errores No Autenticado en el complemento Media Library Assistant en versiones <= 3.00 en WordPress. The Media Library Assistant plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 3.00. This could allow unauthenticated attackers to extract error logs. • https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-00-unauthenticated-error-log-disclosure-vulnerability?_s_id=cve https://wordpress.org/plugins/media-library-assistant/#developers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2020-11732 – Media Library Assistant <= 2.81 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2020-11732
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. El plugin Media Library Assistant versiones anteriores a 2.82 para Wordpress, sufre de una vulnerabilidad de Inclusión de Archivo Local en link=download de mla_gallery. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-73: External Control of File Name or Path •
CVE-2020-11731 – Media Library Assistant <= 2.81 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11731
The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. El plugin Media Library Assistant versiones anteriores a 2.82 para Wordpress, sufre de múltiples vulnerabilidades de tipo XSS en todas las pestañas de Settings/Media de Library Assistant, que permite a usuarios autenticados remotos ejecutar JavaScript arbitrario. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-11928 – Media Library Assistant <= 2.81 - Remote Code Execution via tax_query, meta_query, date_query Parameters
https://notcve.org/view.php?id=CVE-2020-11928
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. En el plugin media-library-assistant versiones anteriores a 2.82 para WordPress, una Ejecución de Código Remota puede ocurrir por medio de los parámetros tax_query, meta_query, o date_query en la función mla_gallery por medio de un administrador. In the Media Library Assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-20982 – Media Library Assistant <= 2.73 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20982
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. El plugin media-library-assistant versiones anteriores a 2.74 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de las pantallas del submenú del administrador auxiliar de Media/Assistant o Settings/Media Library . • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •