David Lingren Media Library Assistant vulnerabilities
11 known vulnerabilities affecting david_lingren/media_library_assistant.
Total CVEs
11
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM7
Vulnerabilities
Page 1 of 1
CVE-2026-34885P2HIGHCVSS 8.5PoC≥ n/a, ≤ 3.342026-04-06
CVE-2026-34885 [HIGH] CWE-89 CVE-2026-34885: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34.
nvd
CVE-2026-32399P3HIGHCVSS 8.5≤ 3.322026-03-13
CVE-2026-32399 [HIGH] CWE-89 CVE-2026-32399: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.32.
nvd
CVE-2024-51661P3HIGHCVSS 7.2≤ 3.192024-11-04
CVE-2024-51661 [HIGH] CWE-78 CVE-2024-51661: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Command Injection.This issue affects Media LIbrary Assistant: from n/a through <= 3.19.
nvd
CVE-2025-63065P4MEDIUMCVSS 5.3≤ 3.292025-12-09
CVE-2025-63065 [MEDIUM] CWE-639 CVE-2025-63065: Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assist
Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media LIbrary Assistant: from n/a through <= 3.29.
nvd
CVE-2026-54198P4HIGHCVSS 7.1≥ n/a, ≤ 3.352026-06-16
CVE-2026-54198 [HIGH] CWE-79 CVE-2026-54198: Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
nvd
CVE-2026-34897P4MEDIUMCVSS 6.5≥ n/a, ≤ 3.342026-04-06
CVE-2026-34897 [MEDIUM] CWE-79 CVE-2026-34897: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through 3.34.
nvd
CVE-2022-41618P4MEDIUMCVSS 5.3≤ 3.002022-11-18
CVE-2022-41618 [MEDIUM] CWE-200 CVE-2022-41618: Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on Word
Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.
nvd
CVE-2023-34010P4MEDIUMCVSS 6.1≥ n/a, ≤ 3.0.72023-08-05
CVE-2023-34010 [MEDIUM] CWE-79 CVE-2023-34010: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Libra
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions.
nvd
CVE-2025-59590P4MEDIUMCVSS 5.9≤ 3.282025-09-22
CVE-2025-59590 [MEDIUM] CWE-79 CVE-2025-59590: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through <= 3.28.
nvd
CVE-2025-31627P4MEDIUMCVSS 5.9≤ 3.242025-03-31
CVE-2025-31627 [MEDIUM] CWE-79 CVE-2025-31627: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Stored XSS.This issue affects Media LIbrary Assistant: from n/a through <= 3.24.
nvd
CVE-2023-24385P4MEDIUMCVSS 4.8≥ n/a, ≤ 3.112023-10-17
CVE-2023-24385 [MEDIUM] CWE-79 CVE-2023-24385: Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assis
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions.
nvd