Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Media Library Assistant — Vulnerabilities & Security Advisories 24

All 24 CVE vulnerabilities found in Media Library Assistant, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-34897 WordPress Media LIbrary Assistant plugin <= 3.34 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2026-04-06
CVE-2026-34885 WordPress Media LIbrary Assistant plugin <= 3.34 - SQL Injection vulnerability CWE-89 8.5 High2026-04-06
CVE-2026-32399 WordPress Media LIbrary Assistant plugin <= 3.32 - SQL Injection vulnerability CWE-89 9.8 -2026-03-13
CVE-2026-3072 Media Library Assistant <= 3.33 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Taxonomy Modification CWE-862 4.3 Medium2026-03-05
CVE-2025-63065 WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability CWE-639 5.3 Medium2025-12-09
CVE-2025-11738 Media Library Assistant <= 3.29 - Unauthenticated Limited File Read CWE-73 5.3 Medium2025-10-18
CVE-2025-59590 WordPress Media Library Assistant Plugin <= 3.28 - Cross Site Scripting (XSS) Vulnerability CWE-79 5.9 Medium2025-09-22
CVE-2025-8357 Media Library Assistant <= 3.27 - Authenticated (Author+) Limited File Deletion CWE-862 4.3 Medium2025-08-19
CVE-2025-7035 Media Library Assistant <= 3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_tag_cloud and mla_term_list Shortcodes CWE-79 6.4 Medium2025-07-16
CVE-2025-31627 WordPress Media Library Assistant plugin <= 3.24 - Stored Cross Site Scripting (XSS) vulnerability CWE-79 5.9 Medium2025-03-31
CVE-2024-11974 Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters CWE-79 6.1 Medium2025-01-04
CVE-2024-51661 WordPress Media Library Assistant plugin <= 3.19 - Remote Code Execution (RCE) vulnerability CWE-78 9.1 Critical2024-11-04
CVE-2024-6823 Media Library Assistant <= 3.18 - Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action CWE-434 8.8 High2024-08-13
CVE-2024-5544 Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-07-02
CVE-2024-5605 Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter CWE-89 8.8 High2024-06-20
CVE-2024-3518 Media Library Assistant <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode CWE-89 8.8 High2024-05-21
CVE-2024-3519 Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang CWE-87 6.1 Medium2024-05-21
CVE-2024-2871 Media Library Assistant <= 3.13 - Authenticated (Contributor+) SQL Injection via Shortcode CWE-89 6.4 Medium2024-04-09
CVE-2024-2475 Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode CWE-79 6.4 Medium2024-03-29
CVE-2023-24385 WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS) CWE-79 5.9 Medium2023-10-17
CVE-2023-4716 Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CWE-79 6.4 Medium2023-09-22
CVE-2023-4634 Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution CWE-73 9.8 Critical2023-09-06
CVE-2023-34010 WordPress Media Library Assistant Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS) CWE-79 5.8 Medium2023-08-05
CVE-2023-0279 Media Library Assistant < 3.06 - Admin+ SQLi 7.2 -2023-02-27

All 24 known CVE vulnerabilities affecting Media Library Assistant with full Chinese analysis, references, and POCs where available.