Dglingren Media Library Assistant
15 CVEs affecting Dglingren Media Library Assistant. Latest disclosed: 2026-05-29. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4634 | Critical | 9.8 | 2023-09-06 | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This i… |
CVE-2024-6823 | High | 8.8 | 2024-08-13 | The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-uplo… |
CVE-2024-5605 | High | 8.8 | 2024-06-20 | The Media Library Assistant plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter within the mla_tag_cloud Shortcode in all… |
CVE-2024-3518 | High | 8.8 | 2024-05-21 | The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to… |
CVE-2026-6075 | High | 8.1 | 2026-05-29 | The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonc… |
CVE-2025-7035 | Medium | 6.4 | 2025-07-16 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in al… |
CVE-2024-2871 | Medium | 6.4 | 2024-04-09 | The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.13 due to… |
CVE-2024-2475 | Medium | 6.4 | 2024-03-29 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including… |
CVE-2023-4716 | Medium | 6.4 | 2023-09-22 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including… |
CVE-2024-11974 | Medium | 6.1 | 2025-01-04 | The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofi… |
CVE-2024-5544 | Medium | 6.1 | 2024-07-02 | The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the order parameter in all versions up to, and including… |
CVE-2024-3519 | Medium | 6.1 | 2024-05-21 | The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3… |
CVE-2025-11738 | Medium | 5.3 | 2025-10-18 | The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php… |
CVE-2026-3072 | Medium | 4.3 | 2026-03-05 | The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mla_update_compat_… |
CVE-2025-8357 | Medium | 4.3 | 2025-08-19 | The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path va… |