Media Library Assistant
David Lingren
Developer
3.30
Latest version
70,000
Installations
Oct 20, 2025
Last updated
Vulnerability history
0 present
24 fixed
12 Mitigation rules
- Unauthenticated Limited File Read vulnerability<= 3.29Oct 18, 2025
- Cross Site Scripting (XSS) Vulnerability<= 3.28Sep 22, 2025
- Authenticated (Author+) Limited File Deletion vulnerability<= 3.27Aug 18, 2025
- Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes vulnerability<= 3.26Jul 16, 2025
- Stored Cross Site Scripting (XSS) vulnerability<= 3.24Mar 31, 2025
- Reflected Cross-Site Scripting vulnerability<= 3.23Jan 3, 2025
- Remote Code Execution (RCE) vulnerability<= 3.19Nov 1, 2024
- Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action vulnerability<= 3.18Aug 13, 2024
- Reflected Cross-Site Scripting vulnerability<= 3.17Jul 2, 2024
- Authenticated SQL Injection vulnerability<= 3.16Jun 19, 2024
- Authenticated (Contributor+) SQL Injection via Shortcode vulnerability<= 3.15May 22, 2024
- Reflected Cross-Site Scripting via lang vulnerability<= 3.15May 22, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode vulnerability<= 3.13Mar 29, 2024
- Authenticated (Contributor+) SQL Injection via Shortcode vulnerability<= 3.13Mar 26, 2024
- Cross Site Scripting (XSS) vulnerability<= 3.11Oct 2, 2023
- Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability<= 3.10Sep 22, 2023
- Unauthenticated Local/Remote File Inclusion and Code Execution vulnerability<= 3.09Sep 6, 2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.0.7Jul 12, 2023
- Admin+ SQL Injection vulnerability< 3.06Feb 21, 2023
- Unauthenticated Error Log Disclosure vulnerability<= 3.00Sep 29, 2022
- Authenticated Blind SQL Injection (SQLi) vulnerability<= 2.84Nov 24, 2020
- Authenticated Remote Code Execution (RCE) vulnerability<= 2.81Apr 19, 2020
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 2.81Apr 13, 2020
- Unauthenticated Limited Local File Inclusion (LFI) vulnerability<= 2.81Apr 13, 2020