Media Library Assistant < 2.82 - Authenticated Stored Cross-Site Scripting (XSS)



Description
The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.

Affects Plugin

fixed in version 2.82

References

CVE 2020-11731
ExploitDB 48315
URL https://plugins.trac.wordpress.org/changeset/2273526/media-library-assistant

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 1580
Verified Yes
WPVDB ID 10176

Timeline

Publicly Published 2020-04-13 (about 1 month ago)
Added 2020-04-13 (about 1 month ago)
Last Updated 2020-04-15 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin