Reflected Cross-Site Scripting Vulnerability in Media Library Assistant Plugin for WordPress
CVE-2024-11974

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Media Library Assistant
Vendor
CVE Published:
4 January 2025

What is CVE-2024-11974?

The Media Library Assistant plugin used in WordPress has a vulnerability due to inadequate input validation and output sanitization in the 'smc_settings_tab', 'unattachfixit-action', and 'woofixit-action' parameters. This flaw allows unauthenticated adversaries to exploit the vulnerability by crafting malicious web scripts. Upon tricking a victim into clicking a specially crafted link, these scripts could execute within the context of the affected WordPress site, thereby compromising the integrity of the website and potentially leading to data exposure or further attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Media Library Assistant * <= 3.23

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/media-library-...
https://plugins.trac.wordpress.org/browser/media-library-...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
JSON
.