SQL Injection Vulnerability in Media Library Assistant Plugin for WordPress
CVE-2024-2871
What is CVE-2024-2871?
The Media Library Assistant plugin for WordPress contains an SQL injection vulnerability that authenticated users with contributor access or higher can exploit. The flaw is caused by insufficient input validation and escaping: an attacker can manipulate input passed through the plugin's shortcode and append additional SQL queries to existing ones. This can lead to unauthorized access to, and extraction of, sensitive information from the WordPress database. Update the plugin to version 3.14 or later to mitigate this vulnerability.

Affected Version(s)
Media Library Assistant: versions <= 3.13