Media Library Assistant < 2.82 - Authenticated RCE



Description
Remote Code Execution can occur via the tax_query, meta_query, and date_query parameters of the [mla_gallery] shortcode.

Affects Plugin

fixed in version 2.82

References

CVE 2020-11928

Classification

Type RCE
OWASP Top 10 A1: Injection
CWE CWE-94

Miscellaneous

Views 1871
Verified No
WPVDB ID 10182

Timeline

Publicly Published 2020-04-19
Added 2020-04-20
Last Updated 2020-04-21
