
Remote Code Execution in WordPress

 

Systems Affected


  ✻  WordPress media-library-assistant plugin up to version 2.81

Threat Level


High


Overview


A remote code execution vulnerability (CVE-2020-11928) was found in the WordPress media-library-assistant plugin, through which an attacker could run arbitrary code on the targeted system.


Description


The vulnerability resides in the media-library-assistant plugin for WordPress, in versions up to 2.81, and is due to improper security controls. A remote attacker could exploit this vulnerability by manipulating the arguments tax_query, meta_query, or date_query passed as a parameter to the mla_gallery function of the affected system.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges on the targeted system.


Impact


  ✻  Disruption to your website and business
  ✻  Compromise of the web server
  ✻  Leakage of sensitive data from the web server


Solution/Workarounds


  ✻  Update the media-library-assistant plugin for WordPress to version 2.82 or later.
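
To confirm whether a site still runs an affected release, the following added example (not part of the original advisory and not code from the plugin's developers) reads the plugin's "Version:" header and compares it with 2.82. It assumes the standard wp-content/plugins/<slug> layout; the file name plugin.php and the sample site are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "media-library-assistant"  # plugin named in the advisory
FIXED_VERSION = "2.82"                   # first fixed release per the advisory
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """Turn '2.81' into (2, 81) so components compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def installed_version(plugin_dir):
    """Return the Version header found in a top-level PHP file, or None.

    WordPress keeps plugin metadata in a comment header near the start of
    the main plugin file, so only the first 8 KiB of each file is read.
    """
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        match = HEADER_RE.search(head) if "Plugin Name:" in head else None
        if match:
            return match.group(1)
    return None

def audit(wp_root):
    """Classify the install as absent, unknown, vulnerable or patched."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "absent", None
    version = installed_version(plugin_dir)
    if version is None or not parse_version(version):
        return "unknown", version
    if parse_version(version) < parse_version(FIXED_VERSION):
        return "vulnerable", version
    return "patched", version

def make_sample_site(root, version):
    """Build a constructed WordPress tree; 'plugin.php' is a hypothetical name."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin_dir.mkdir(parents=True)
    (plugin_dir / "plugin.php").write_text(
        f"<?php\n/*\nPlugin Name: Media Library Assistant\nVersion: {version}\n*/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(make_sample_site(tmp, "2.81")))
```

Against a real server, call audit() with the WordPress document root; an "unknown" result means the plugin directory exists but no version header could be read, and should be checked by hand.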


References


  ✻  https://exchange.xforce.ibmcloud.com/vulnerabilities/180176
  ✻  https://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.