Media Library Assistant < 2.90 - Authenticated Blind SQL Injection

Posted on Vulnerabilities Disclosure

System : Plugin WordPress

Name System : Media Library Assistant

Link:  https://wordpress.org/plugins/media-library-assistant/

Version : < 2.90

Number targets: 60.000 active downloads

Vulnerability type : Blind SQL Injection Error-based

Proof of Concept : Waiting

Patch fixed :   https://plugins.trac.wordpress.org/changeset/2423321

Published:

https://wpscan.com/vulnerability/10480

Author: lenonleite

Website | All posts