WordPress Plugin Vulnerabilities

Media Library Assistant < 3.01 - Unauthenticated Error Log Access

Description

The plugin does not have authorisation in place, which could allow unauthenticated attackers to access its error log if they can guess or brute force the filename

Affects Plugins

Plugin icon
media-library-assistant
Fixed in 3.01

References

CVE
CVE-2022-41618

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
3.7 (low)

Miscellaneous

Original Researcher
Brandon Roldan
Verified
No
WPVDB ID
4c8e8e93-ed96-4f46-ac0f-4bf2e2a392e3

Timeline

Publicly Published
2022-09-29 (about 3 years ago)
Added
2022-11-20 (about 3 years ago)
Last Updated
2022-11-20 (about 3 years ago)

Other

Published
Title
Published
2022-08-01
Title
Simple Job Board < 2.10.0 - Resume Disclosure via Directory Listing
Published
2024-12-10
Title
Members < 3.2.11 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
Published
2025-01-24
Title
Paytium < 4.4.12 - Unauthenticated Full Path Disclosure
Published
2024-07-04
Title
Simple Job Board < 2.12.6 - Unauthenticated Resumes Download
Published
2025-09-05
Title
Ninja Charts < 3.3.6 - Unauthenticated Information Exposure