Reflected Cross-Site Scripting Vulnerability in Media Library Assistant Plugin for WordPress
CVE-2024-11974
6.1MEDIUM
What is CVE-2024-11974?
The Media Library Assistant plugin used in WordPress has a vulnerability due to inadequate input validation and output sanitization in the 'smc_settings_tab', 'unattachfixit-action', and 'woofixit-action' parameters. This flaw allows unauthenticated adversaries to exploit the vulnerability by crafting malicious web scripts. Upon tricking a victim into clicking a specially crafted link, these scripts could execute within the context of the affected WordPress site, thereby compromising the integrity of the website and potentially leading to data exposure or further attacks.
Affected Version(s)
Media Library Assistant * <= 3.23