Stored Cross-Site Scripting Vulnerability in Media Library Assistant Plugin for WordPress
CVE-2023-4716
6.4 MEDIUM
What is CVE-2023-4716?
The Media Library Assistant plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability via the 'mla_gallery' shortcode, which allows authenticated users with contributor-level permissions or higher to inject malicious scripts. This is caused by inadequate input sanitization and output escaping for user-supplied attributes. When a user accesses a page with such an injection, arbitrary web scripts can execute, potentially compromising user data and site integrity.
Affected Version(s)
Media Library Assistant * <= 3.10
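One way to triage existing content for the 'mla_gallery' attribute injection described above is to scan stored post content for that shortcode and flag attribute values carrying markup or script markers. This is an added example, not code from the plugin or from this advisory. It assumes posts have been exported as (post_id, author_role, post_content) tuples, and the sample posts and attribute names below are constructed placeholders.

```python
import re

# Opening [mla_gallery ...] tag; like WordPress, stop at the first ']'.
SHORTCODE_RE = re.compile(r"\[mla_gallery\b([^\]]*)\]", re.IGNORECASE)
# name="value", name='value' or name=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")
# Markers that a plain gallery attribute value should not contain.
SUSPICIOUS_RE = re.compile(
    r"""[<>"`]|&(?:#|lt;|gt;|quot;)|\bon\w+\s*=|javascript\s*:""",
    re.IGNORECASE,
)

def audit_post(post_id, author_role, content):
    """Return (post_id, author_role, attribute, value) for each flagged attribute."""
    findings = []
    for tag in SHORTCODE_RE.finditer(content):
        for m in ATTR_RE.finditer(tag.group(1)):
            # Exactly one of the three value groups is set for a match.
            value = next(g for g in m.groups()[1:] if g is not None)
            if SUSPICIOUS_RE.search(value):
                findings.append((post_id, author_role, m.group(1), value))
    return findings

def audit(posts):
    """Run audit_post over an iterable of (post_id, author_role, content)."""
    return [f for post in posts for f in audit_post(*post)]

# Constructed sample data: attribute names are placeholders, not the plugin's.
SAMPLE_POSTS = [
    (101, "editor", 'Intro [mla_gallery columns="3" size="thumbnail"] outro'),
    (102, "contributor", '[mla_gallery columns="2" example_link="javascript:void(0)"]'),
    (103, "contributor", '[mla_gallery example_attr="<script>alert(1)</script>"]'),
    (104, "author", "No shortcode here, just <b>markup</b> in the body."),
]

if __name__ == "__main__":
    for post_id, role, attr, value in audit(SAMPLE_POSTS):
        print(f"post {post_id} ({role}): {attr} = {value!r}")
```

A hit is a lead for manual review of the post and its author, not proof of exploitation; upgrading past the affected versions remains the fix.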