Media LIbrary Assistant
David Lingren
Developer
3.35
Latest version
70,000
Installations
No date
Last updated
Vulnerability history
0 present
27 patched
12 Mitigation rules
- Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification vulnerability<= 3.3304/03/2026
- SQL Injection vulnerability<= 3.3220/02/2026
- Unauthenticated Limited File Read vulnerability<= 3.2918/10/2025
- Broken Access Control vulnerability<= 3.2909/10/2025
- Cross Site Scripting (XSS) Vulnerability<= 3.2822/09/2025
- Authenticated (Author+) Limited File Deletion vulnerability<= 3.2718/08/2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes vulnerability<= 3.2616/07/2025
- Stored Cross Site Scripting (XSS) vulnerability<= 3.2431/03/2025
- Reflected Cross-Site Scripting vulnerability<= 3.2303/01/2025
- Remote Code Execution (RCE) vulnerability<= 3.1901/11/2024
- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action vulnerability<= 3.1813/08/2024
- Reflected Cross-Site Scripting vulnerability<= 3.1702/07/2024
- Authenticated SQL Injection vulnerability<= 3.1619/06/2024
- Authenticated (Contributor+) SQL Injection via Shortcode vulnerability<= 3.1522/05/2024
- Reflected Cross-Site Scripting via lang vulnerability<= 3.1522/05/2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode vulnerability<= 3.1329/03/2024
- Authenticated (Contributor+) SQL Injection via Shortcode vulnerability<= 3.1326/03/2024
- Cross Site Scripting (XSS) vulnerability<= 3.1102/10/2023
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.1022/09/2023
- Unauthenticated Local/Remote File Inclusion and Code Execution vulnerability<= 3.0906/09/2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.0.712/07/2023
- Admin+ SQL Injection vulnerability< 3.0621/02/2023
- Unauthenticated Error Log Disclosure vulnerability<= 3.0029/09/2022
- Authenticated Blind SQL Injection (SQLi) vulnerability<= 2.8424/11/2020
- Authenticated Remote Code Execution (RCE) vulnerability<= 2.8119/04/2020
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.8113/04/2020
- Unauthenticated Limited Local File Inclusion (LFI) vulnerability<= 2.8113/04/2020