Vulnerabilities > Davidlingren > Media Library Assistant > 2.40
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-20 | CVE-2020-11928 | Unspecified vulnerability in Davidlingren Media Library Assistant In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. | 9.8 |
| 2020-04-13 | CVE-2020-11732 | Unspecified vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. | 7.5 |
| 2020-04-13 | CVE-2020-11731 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | 6.1 |
| 2019-08-22 | CVE-2018-20982 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | 6.1 |