Page 2 of 10 results (0.010 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. Vulnerabilidad de Divulgación de Registro de Errores No Autenticado en el complemento Media Library Assistant en versiones &lt;= 3.00 en WordPress. The Media Library Assistant plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 3.00. This could allow unauthenticated attackers to extract error logs. • https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-00-unauthenticated-error-log-disclosure-vulnerability?_s_id=cve https://wordpress.org/plugins/media-library-assistant/#developers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. El plugin Media Library Assistant versiones anteriores a 2.82 para Wordpress, sufre de una vulnerabilidad de Inclusión de Archivo Local en link=download de mla_gallery. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-73: External Control of File Name or Path •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. El plugin Media Library Assistant versiones anteriores a 2.82 para Wordpress, sufre de múltiples vulnerabilidades de tipo XSS en todas las pestañas de Settings/Media de Library Assistant, que permite a usuarios autenticados remotos ejecutar JavaScript arbitrario. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. En el plugin media-library-assistant versiones anteriores a 2.82 para WordPress, una Ejecución de Código Remota puede ocurrir por medio de los parámetros tax_query, meta_query, o date_query en la función mla_gallery por medio de un administrador. In the Media Library Assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. El plugin media-library-assistant versiones anteriores a 2.74 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de las pantallas del submenú del administrador auxiliar de Media/Assistant o Settings/Media Library . • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •