Skip to main content

Media Library Assistant CVE-2020-11732

HIGH
2020-04-13 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 13, 2020 - 02:15 nvd
HIGH 7.5

DescriptionNVD

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.

AnalysisAI

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. Affected products include: Davidlingren Media Library Assistant. Version information: before 2.82.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-4634 CRITICAL POC
9.8 Sep 06

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in vers

CVE-2020-11928 CRITICAL
9.8 Apr 20

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta

CVE-2024-3518 HIGH
8.8 May 22

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all ver

CVE-2024-5605 HIGH
8.8 Jun 20

The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter wit

CVE-2024-6823 HIGH
8.8 Aug 13

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type valida

CVE-2026-32399 HIGH
8.5 Mar 13

Blind SQL injection in Media Library Assistant through version 3.32 allows authenticated attackers to execute arbitrary

CVE-2023-0279 HIGH
7.2 Feb 27

The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using

CVE-2026-54198 HIGH
7.1 Jun 16

Reflected cross-site scripting in the Media Library Assistant WordPress plugin (versions up to and including 3.35) allow

CVE-2024-3519 MEDIUM
6.1 May 22

The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter

CVE-2024-2871 MEDIUM
6.4 Apr 09

The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all ver

CVE-2024-2475 MEDIUM
6.4 Mar 29

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode

CVE-2023-4716 MEDIUM
6.4 Sep 22

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shor

Share

CVE-2020-11732 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy