✻ WordPress media-library-assistant plugin up to 2.81V
Remote code execution vulnerability (CVE-2020-11928) was found in the WordPress media-library-assistant plugin where attacker could run arbitrary codes on the targeted system.
The vulnerability resides in the media-library-assistant plugin of WordPress versions up to 2.81 due to the improper security controls. A remote attacker could exploit this vulnerability manipulating the argumentstax_query, meta_query, or data_query as a parameter in mla_galleryfunction of the affected system.
Successful exploit of this vulnerability could allow the attacker to execute arbitrary codes with elevated privileges on the targeted system.
✻ Disruption to your website and business
✻ Web server compromising
✻ Leakage of sensitive data of the web server
✻ Update the latest version of the WordPress 2.82 or later for media-library-assistant.
The information provided herein is on "as is" basis, without warranty of any kind.