ThreatPress

WordPress Vulnerability Database

Back

WordPress Media Library Assistant plugin <= 2.84 - Authenticated Blind SQL Injection (SQLi) vulnerability

Product
Media Library Assistant
Description
Authenticated Blind SQL Injection (SQLi) vulnerability found by Lenon Leite in WordPress Media Library Assistant plugin (versions <= 2.84).
Solution
Update the WordPress Media Library Assistant plugin to the latest available version (at least 2.9.0).
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.84
Fixed In 2.9.0
Disclosure date
2020-11-24
Credits
Lenon Leite