Page 4 of 17 results (0.004 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. En el plugin media-library-assistant versiones anteriores a 2.82 para WordPress, una Ejecución de Código Remota puede ocurrir por medio de los parámetros tax_query, meta_query, o date_query en la función mla_gallery por medio de un administrador. In the Media Library Assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. El plugin media-library-assistant versiones anteriores a 2.74 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de las pantallas del submenú del administrador auxiliar de Media/Assistant o Settings/Media Library . • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •