CVE-2020-11731 – Media Library Assistant <= 2.81 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11731
The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. El plugin Media Library Assistant versiones anteriores a 2.82 para Wordpress, sufre de múltiples vulnerabilidades de tipo XSS en todas las pestañas de Settings/Media de Library Assistant, que permite a usuarios autenticados remotos ejecutar JavaScript arbitrario. • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20982 – Media Library Assistant <= 2.73 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20982
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. El plugin media-library-assistant versiones anteriores a 2.74 para WordPress, presenta una vulnerabilidad de tipo XSS por medio de las pantallas del submenú del administrador auxiliar de Media/Assistant o Settings/Media Library . • https://wordpress.org/plugins/media-library-assistant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •