CVE-2020-11928 – Media Library Assistant <= 2.81 - Remote Code Execution via tax_query, meta_query, date_query Parameters
https://notcve.org/view.php?id=CVE-2020-11928
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2018-20982 – Media Library Assistant <= 2.73 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20982
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')