Skip to main content

Media Library Assistant CVE-2020-11731

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-04-13 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 13, 2020 - 02:15 nvd
MEDIUM 6.1

DescriptionNVD

The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.

AnalysisAI

The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. Affected products include: Davidlingren Media Library Assistant. Version information: before 2.82.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-4634 CRITICAL POC
9.8 Sep 06

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in vers

CVE-2020-11732 HIGH POC
7.5 Apr 13

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_ga

CVE-2020-11928 CRITICAL
9.8 Apr 20

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta

CVE-2024-3518 HIGH
8.8 May 22

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all ver

CVE-2024-5605 HIGH
8.8 Jun 20

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter wit

CVE-2024-6823 HIGH
8.8 Aug 13

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type valida

CVE-2026-32399 HIGH
8.5 Mar 13

Blind SQL injection in Media Library Assistant through version 3.32 allows authenticated attackers to execute arbitrary

CVE-2023-0279 HIGH
7.2 Feb 27

The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using

CVE-2026-54198 HIGH
7.1 Jun 16

Reflected cross-site scripting in the Media Library Assistant WordPress plugin (versions up to and including 3.35) allow

CVE-2024-3519 MEDIUM
6.1 May 22

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter

CVE-2024-2871 MEDIUM
6.4 Apr 09

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all ver

CVE-2024-2475 MEDIUM
6.4 Mar 29

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode

Share

CVE-2020-11731 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy