CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4716

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.8%

CVSS Severity

CVSS v3 Score 6.4

References

Products affected by CVE-2023-4716

Davidlingren » Media Library Assistant » Version: N/A

cpe:2.3:a:davidlingren:media_library_assistant:-
Davidlingren » Media Library Assistant » Version: 0.1

cpe:2.3:a:davidlingren:media_library_assistant:0.1
Davidlingren » Media Library Assistant » Version: 0.11

cpe:2.3:a:davidlingren:media_library_assistant:0.11
Davidlingren » Media Library Assistant » Version: 0.90

cpe:2.3:a:davidlingren:media_library_assistant:0.90
Davidlingren » Media Library Assistant » Version: 1.00

cpe:2.3:a:davidlingren:media_library_assistant:1.00
Davidlingren » Media Library Assistant » Version: 1.95

cpe:2.3:a:davidlingren:media_library_assistant:1.95
Davidlingren » Media Library Assistant » Version: 2.00

cpe:2.3:a:davidlingren:media_library_assistant:2.00
Davidlingren » Media Library Assistant » Version: 2.25

cpe:2.3:a:davidlingren:media_library_assistant:2.25
Davidlingren » Media Library Assistant » Version: 2.30

cpe:2.3:a:davidlingren:media_library_assistant:2.30
Davidlingren » Media Library Assistant » Version: 2.33

cpe:2.3:a:davidlingren:media_library_assistant:2.33
Davidlingren » Media Library Assistant » Version: 2.40

cpe:2.3:a:davidlingren:media_library_assistant:2.40
Davidlingren » Media Library Assistant » Version: 2.41

cpe:2.3:a:davidlingren:media_library_assistant:2.41
Davidlingren » Media Library Assistant » Version: 2.50

cpe:2.3:a:davidlingren:media_library_assistant:2.50
Davidlingren » Media Library Assistant » Version: 2.54

cpe:2.3:a:davidlingren:media_library_assistant:2.54
Davidlingren » Media Library Assistant » Version: 2.60

cpe:2.3:a:davidlingren:media_library_assistant:2.60
Davidlingren » Media Library Assistant » Version: 2.65

cpe:2.3:a:davidlingren:media_library_assistant:2.65
Davidlingren » Media Library Assistant » Version: 2.70

cpe:2.3:a:davidlingren:media_library_assistant:2.70
Davidlingren » Media Library Assistant » Version: 2.74

cpe:2.3:a:davidlingren:media_library_assistant:2.74
Davidlingren » Media Library Assistant » Version: 2.78

cpe:2.3:a:davidlingren:media_library_assistant:2.78
Davidlingren » Media Library Assistant » Version: 2.79

cpe:2.3:a:davidlingren:media_library_assistant:2.79
Davidlingren » Media Library Assistant » Version: 2.80

cpe:2.3:a:davidlingren:media_library_assistant:2.80
Davidlingren » Media Library Assistant » Version: 2.82

cpe:2.3:a:davidlingren:media_library_assistant:2.82
Davidlingren » Media Library Assistant » Version: 2.83

cpe:2.3:a:davidlingren:media_library_assistant:2.83
Davidlingren » Media Library Assistant » Version: 2.84

cpe:2.3:a:davidlingren:media_library_assistant:2.84
Davidlingren » Media Library Assistant » Version: 2.90

cpe:2.3:a:davidlingren:media_library_assistant:2.90
Davidlingren » Media Library Assistant » Version: 2.91

cpe:2.3:a:davidlingren:media_library_assistant:2.91
Davidlingren » Media Library Assistant » Version: 2.92

cpe:2.3:a:davidlingren:media_library_assistant:2.92
Davidlingren » Media Library Assistant » Version: 2.93

cpe:2.3:a:davidlingren:media_library_assistant:2.93
Davidlingren » Media Library Assistant » Version: 2.94

cpe:2.3:a:davidlingren:media_library_assistant:2.94
Davidlingren » Media Library Assistant » Version: 2.95

cpe:2.3:a:davidlingren:media_library_assistant:2.95
Davidlingren » Media Library Assistant » Version: 2.96

cpe:2.3:a:davidlingren:media_library_assistant:2.96
Davidlingren » Media Library Assistant » Version: 2.97

cpe:2.3:a:davidlingren:media_library_assistant:2.97
Davidlingren » Media Library Assistant » Version: 2.98

cpe:2.3:a:davidlingren:media_library_assistant:2.98
Davidlingren » Media Library Assistant » Version: 2.99

cpe:2.3:a:davidlingren:media_library_assistant:2.99
Davidlingren » Media Library Assistant » Version: 3.0.7

cpe:2.3:a:davidlingren:media_library_assistant:3.0.7
Davidlingren » Media Library Assistant » Version: 3.00

cpe:2.3:a:davidlingren:media_library_assistant:3.00
Davidlingren » Media Library Assistant » Version: 3.01

cpe:2.3:a:davidlingren:media_library_assistant:3.01
Davidlingren » Media Library Assistant » Version: 3.02

cpe:2.3:a:davidlingren:media_library_assistant:3.02
Davidlingren » Media Library Assistant » Version: 3.03

cpe:2.3:a:davidlingren:media_library_assistant:3.03
Davidlingren » Media Library Assistant » Version: 3.04

cpe:2.3:a:davidlingren:media_library_assistant:3.04
Davidlingren » Media Library Assistant » Version: 3.05

cpe:2.3:a:davidlingren:media_library_assistant:3.05
Davidlingren » Media Library Assistant » Version: 3.06

cpe:2.3:a:davidlingren:media_library_assistant:3.06
Davidlingren » Media Library Assistant » Version: 3.07

cpe:2.3:a:davidlingren:media_library_assistant:3.07
Davidlingren » Media Library Assistant » Version: 3.08

cpe:2.3:a:davidlingren:media_library_assistant:3.08
Davidlingren » Media Library Assistant » Version: 3.09

cpe:2.3:a:davidlingren:media_library_assistant:3.09
Davidlingren » Media Library Assistant » Version: 3.10

cpe:2.3:a:davidlingren:media_library_assistant:3.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4716

Products

Pricing

Contact Us