CVE-2020-11732
Published: 2020-04-13
Priority: P2 75 high
CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Flags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 4.92% (91.0th percentile)
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| davidlingren | media_library_assistant | < 2.82 | 2.82 |
Detection & IOCs (extracted from sources)
- URL: /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/var/www/html/wordpress/wp-content/index.php
- URL: /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=/var/www/html/wp-content/index.php
- Look for unauthenticated GET requests to mla-file-downloader.php with both 'mla_download_type' and 'mla_download_file' query parameters present; this is the exploit vector, and it requires no authentication.
- Alert on HTTP 200 responses to mla-file-downloader.php where the response body contains '// Silence is golden.'; the Nuclei template uses this string as its confirmation matcher for a successful LFI.
- The mla_download_file parameter accepts absolute file paths (including Windows-style paths such as C:\...\options.php), enabling traversal to arbitrary local files. Monitor for path separators and sensitive filenames in this parameter.
- Use FOFA/Shodan/PublicWWW fingerprint queries to identify exposed WordPress instances running the vulnerable plugin before hunting for active exploitation.
- The LFI is triggered via the 'mla_gallery link=download' parameter path as well as directly via mla-file-downloader.php; both attack surfaces should be covered in detection rules.
- The exploit is confirmed unauthenticated, meaning no session cookie or privilege level is required; perimeter/WAF rules should not restrict detection to authenticated sessions.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| VulnCheck | | 7.5 | HIGH | |
GHSA
GHSA-f7mf-8fxg-9ggp (ghsa_unreviewed, 2022-05-24): CVE-2020-11732 [MEDIUM], CWE-200
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
VulnCheck
Media Library Assistant plugin before 2.82 for Wordpress Local File Inclusion Vulnerability (vulncheck, 2020, CVSS 7.5): CVE-2020-11732 [HIGH]
The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.
Affected: davidlingren media_library_assistant
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
No detection rules found.
Exploit-DB
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion (exploitdb, 2020-04-13, CVSS 6.1): CVE-2020-11731 [MEDIUM]

```text
# Exploit Title: Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
# Google Dork: N/A
# Date: 2020-04-13
# Exploit Author: Daniel Monzón (stark0de)
# Vendor Homepage: http://davidlingren.com/
# Software Link: https://wordpress.org/plugins/media-library-assistant/
# Version: 2.81
# Tested on: Windows 7 x86 SP1
# CVE : CVE-2020-11731, CVE-2020-11732

----Local File Inclusion----------------------------

There is a file inclusion vulnerability in the mla-file-downloader.php file. Example:

http://server/wordpress/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php?mla_download_type=text/html&mla_download_file=C:\Bitnami\wordpress-5.3.2-2\apps\wordpress\htdocs\wp-content\plugin
```
Nuclei
Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion (nuclei, CVSS 7.5): CVE-2020-11732 [HIGH]
Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by an unsanitized mla_gallery link parameter, letting attackers include arbitrary local files; the exploit requires access to the vulnerable link.
Template:

```yaml
id: CVE-2020-11732

info:
  name: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
  author: Sourabh-Sahu
  severity: high
  description: |
    Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mla_gallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link.
  impact: |
    Attackers can include arbitrary local files, potentially leading t
```
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021) (blogs_unit42, 2021-04-12, CVSS 7.5): CVE-2020-28188 [HIGH]
# Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021) (blogs_unit42, 2021-04-12, CVSS 7.5): [HIGH]
Authors: Lei Xu, Yue Guan, Vaibhav Singhal
Published: April 12, 2021
Tags: Malware, Trend Reports, Vulnerabilities, Botnet, DDoS, Exploit kit, IoT, Network security trends