Vulnerabilities > Davidlingren > Media Library Assistant > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-5544 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including, 3.17 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-10-17 | CVE-2023-24385 | Unspecified vulnerability in Davidlingren Media Library Assistant Auth. | 4.8 |
| 2023-09-22 | CVE-2023-4716 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-08-05 | CVE-2023-34010 | Unspecified vulnerability in Davidlingren Media Library Assistant Unauth. | 6.1 |
| 2022-11-18 | CVE-2022-41618 | Information Exposure Through Log Files vulnerability in Davidlingren Media Library Assistant Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress. | 5.3 |
| 2020-04-13 | CVE-2020-11731 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | 6.1 |
| 2019-08-22 | CVE-2018-20982 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | 6.1 |