Media Library Assistant < 3.19 – Authenticated (Author+) Arbitrary File Upload via mla-inline-edit-upload-scripts AJAX Action | CVE 2024-6823 | Plugin Vulnerabilities

Description

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

media-library-assistant

Fixed in 3.19

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/9a446fe7-c97a-436e-b494-b924e6518297

Miscellaneous

Original Researcher

wesley (wcraft)

Verified

No

WPVDB ID

fcf06d60-cf06-4284-a39b-8232abdb4419

Timeline

Publicly Published

2024-08-12 (about 1 year ago)

Added

2024-08-12 (about 1 year ago)

Last Updated

2024-08-13 (about 1 year ago)

Other

Published

Title

Published

2015-10-29

Title

WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload

Published

2024-11-08

Title

Computer Repair Shop < 3.8116 - Unauthenticated Arbitrary File Upload

Published

2024-11-22

Title

School Management < 92.0.0 - Authenticated (Student+) Arbitrary File Upload

Published

2014-08-01

Title

Woopra < 1.4.3.2 - Unauthenticated Arbitrary File Upload

Published

2021-09-01

Title

Secure File Manager <= 2.9.3 - Admin+ Arbitrary File Upload