Remote Code execution in WordPress

  • CERT Admin
  • Mon Apr 27 2020
  • Alerts

Systems Affected 

  ✻  WordPress media-library-assistant plugin up to version 2.81

Threat Level 



A remote code execution vulnerability (CVE-2020-11928) was found in the WordPress media-library-assistant plugin that could allow an attacker to run arbitrary code on the targeted system.


The vulnerability resides in versions of the WordPress media-library-assistant plugin up to 2.81 and is due to improper security controls. A remote attacker could exploit this vulnerability by manipulating the arguments tax_query, meta_query, or date_query as a parameter in the mla_gallery function of the affected system.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges on the targeted system.


  ✻  Disruption to your website and business
  ✻  Web server compromise
  ✻  Leakage of sensitive data from the web server

Solution/Workarounds

  ✻  Update the media-library-assistant plugin for WordPress to version 2.82 or later.
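
The following audit script is an added example, not part of the original advisory or the plugin's code. It reads the installed plugin version from the WordPress plugin header, compares it with the fixed release 2.82, and lists mla_gallery shortcodes that pass the query arguments named above (using `date_query`, the WP_Query argument name) so they can be reviewed. The function names, the sample header and the sample post content are constructed for illustration.

```python
import re
from pathlib import Path

FIXED = (2, 82)  # first fixed release named in the advisory
QUERY_ARGS = ("tax_query", "meta_query", "date_query")  # arguments named in the advisory
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)
SHORTCODE = re.compile(r"\[mla_gallery\b([^\]]*)\]", re.I)

def header_version(text):
    """Parse 'Version: x.y' from a WordPress plugin header into a tuple of ints."""
    m = HEADER.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def installed_version(plugin_dir):
    """Look for the plugin header in the top-level PHP files of plugin_dir."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # WordPress scans only the start of the file
        if "Plugin Name:" in head:
            return header_version(head)
    return None

def needs_update(version):
    """True when the version is below 2.82; an unreadable version is treated as needing review."""
    return version is None or version < FIXED

def flag_shortcodes(content):
    """List mla_gallery shortcodes that pass any of the query arguments, for manual review."""
    hits = []
    for m in SHORTCODE.finditer(content):
        used = [a for a in QUERY_ARGS if re.search(rf"\b{a}\s*=", m.group(1), re.I)]
        if used:
            hits.append((m.group(0), used))
    return hits

# Constructed sample data (not taken from a real site).
SAMPLE_HEADER = "<?php\n/*\nPlugin Name: Media Library Assistant\nVersion: 2.81\n*/\n"
SAMPLE_POST = ('Intro [mla_gallery columns=3] text '
               '[mla_gallery tax_query="PLACEHOLDER" date_query="PLACEHOLDER"] end')

if __name__ == "__main__":
    v = header_version(SAMPLE_HEADER)
    print("version:", v, "needs update:", needs_update(v))
    for code, args in flag_shortcodes(SAMPLE_POST):
        print("review:", args, code)
```

On a live site, `installed_version()` would be pointed at the plugin folder, assumed here to be `wp-content/plugins/media-library-assistant` in a default WordPress layout, and `flag_shortcodes()` at exported post content.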




The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Mon Apr 27 2020