WordPress Plugin Vulnerabilities

Media Library Assistant < 2.82 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.

Affects Plugins

Plugin icon
media-library-assistant
Fixed in 2.82

References

CVE
CVE-2020-11731
Exploitdb
48315
URL
https://plugins.trac.wordpress.org/changeset/2273526/media-library-assistant

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
Yes
WPVDB ID
ee8dbf18-309a-448e-8902-3971dac25156

Timeline

Publicly Published
2020-04-13 (about 6 years ago)
Added
2020-04-13 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-02-07
Title
WP Shortcodes Plugin — Shortcodes Ultimate < 7.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Published
2021-09-06
Title
User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting
Published
2024-02-01
Title
Calculated Fields Form < 1.2.53 - Contributor+ Stored XSS
Published
2023-01-31
Title
Wufoo Shortcode < 1.52 - Contributor+ Stored XSS via Shortcode
Published
2025-09-09
Title
MyBrain Utilities < 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting