
Media Library Assistant — Vulnerabilities & Security Advisories (27)

All 27 CVE vulnerabilities found in Media Library Assistant, with AI-generated Chinese analysis, references, and POCs.

This page documents known security weaknesses affecting Media Library Assistant, a WordPress plugin developed by the vendor Media Library Assistant. It aggregates Common Weakness Enumerations (CWE) and associated vulnerability data specifically related to this software component. The collection includes various security issues such as stored cross-site scripting, incomplete multi-factor authentication, and security misconfigurations, covering records from initial discovery through recent updates in 2024. By reviewing this compiled data, users can track vendor advisories for Media Library Assistant to understand the timeline of reported issues and patches. Readers can also gain a deeper understanding of specific weakness classes that impact the plugin, helping to contextualize the technical nature of the flaws. Furthermore, this resource allows administrators to look up the product's vulnerability history, providing a comprehensive view of past security incidents and their resolution status. This information is intended to assist developers and security teams in assessing the risk profile of their installations and prioritizing remediation efforts based on historical trends. The page serves as a centralized reference point for analyzing how specific coding errors and configuration mistakes have manifested in this particular tool over time. It does not provide real-time alerts but rather offers a retrospective analysis of documented incidents. This approach supports informed decision-making regarding updates, configuration changes, and monitoring strategies. By consolidating these details, the page aims to improve transparency and facilitate better security hygiene for users relying on Media Library Assistant for their media management needs.

Vendor: Unknown

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-56012 | WordPress Media Library Assistant plugin <= 3.35 - SQL Injection vulnerability | CWE-89 | 8.5 | High | 2026-06-18 |
| CVE-2026-54198 | WordPress Media Library Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability | CWE-79 | 7.1 | High | 2026-06-16 |
| CVE-2026-6075 | Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form | CWE-352 | 8.1 | High | 2026-05-29 |
| CVE-2026-34897 | WordPress Media Library Assistant plugin <= 3.34 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34885 | WordPress Media Library Assistant plugin <= 3.34 - SQL Injection vulnerability | CWE-89 | 8.5 | High | 2026-04-06 |
| CVE-2026-32399 | WordPress Media Library Assistant plugin <= 3.32 - SQL Injection vulnerability | CWE-89 | 8.5 | High | 2026-03-13 |
| CVE-2026-3072 | Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification | CWE-862 | 4.3 | Medium | 2026-03-05 |
| CVE-2025-63065 | WordPress Media Library Assistant plugin <= 3.29 - Broken Access Control vulnerability | CWE-639 | 5.3 | Medium | 2025-12-09 |
| CVE-2025-11738 | Media Library Assistant <= 3.29 - Unauthenticated Limited File Read | CWE-73 | 5.3 | Medium | 2025-10-18 |
| CVE-2025-59590 | WordPress Media Library Assistant Plugin <= 3.28 - Cross Site Scripting (XSS) Vulnerability | CWE-79 | 5.9 | Medium | 2025-09-22 |
| CVE-2025-8357 | Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion | CWE-862 | 4.3 | Medium | 2025-08-19 |
| CVE-2025-7035 | Media Library Assistant <= 3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes | CWE-79 | 6.4 | Medium | 2025-07-16 |
| CVE-2025-31627 | WordPress Media Library Assistant plugin <= 3.24 - Stored Cross Site Scripting (XSS) vulnerability | CWE-79 | 5.9 | Medium | 2025-03-31 |
| CVE-2024-11974 | Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters | CWE-79 | 6.1 | Medium | 2025-01-04 |
| CVE-2024-51661 | WordPress Media Library Assistant plugin <= 3.19 - Remote Code Execution (RCE) vulnerability | CWE-78 | 9.1 | Critical | 2024-11-04 |
| CVE-2024-6823 | Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action | CWE-434 | 8.8 | High | 2024-08-13 |
| CVE-2024-5544 | Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting | CWE-79 | 6.1 | Medium | 2024-07-02 |
| CVE-2024-5605 | Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter | CWE-89 | 8.8 | High | 2024-06-20 |
| CVE-2024-3518 | Media Library Assistant <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode | CWE-89 | 8.8 | High | 2024-05-21 |
| CVE-2024-3519 | Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang | CWE-87 | 6.1 | Medium | 2024-05-21 |
| CVE-2024-2871 | Media Library Assistant <= 3.13 - Authenticated (Contributor+) SQL Injection via Shortcode | CWE-89 | 6.4 | Medium | 2024-04-09 |
| CVE-2024-2475 | Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode | CWE-79 | 6.4 | Medium | 2024-03-29 |
| CVE-2023-24385 | WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS) | CWE-79 | 5.9 | Medium | 2023-10-17 |
| CVE-2023-4716 | Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | CWE-79 | 6.4 | Medium | 2023-09-22 |
| CVE-2023-4634 | Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution | CWE-73 | 9.8 | Critical | 2023-09-06 |
| CVE-2023-34010 | WordPress Media Library Assistant Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS) | CWE-79 | 5.8 | Medium | 2023-08-05 |
| CVE-2023-0279 | Media Library Assistant < 3.06 - Admin+ SQLi | | 7.2 | - | 2023-02-27 |
