Media Library Assistant, CVE-2024-6823

CVE, Research URL: CVE-2024-6823
Home page URL: Security reports for Media Library Assistant
Application: Media Library Assistant
Published on: Aug 13, 2024
Research Description: The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation involving the mla-inline-edit-upload-scripts AJAX action in all versions up to, and including, 3.18. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max 3.19.
Status: vulnerable