Media Library Assistant Vulnerability – Authenticated (Contributor+) SQL Injection via Shortcode & Reflected Cross-Site Scripting via lang – CVE-2024-3518 & CVE-2024-3519 | WordPress Plugin Vulnerability Report

Plugin Name: Media Library Assistant

Key Information:

  • Software Type: Plugin
  • Software Slug: media-library-assistant
  • Software Status: Active
  • Software Author: dglingren
  • Software Downloads: 1,952,519
  • Active Installs: 70,000
  • Last Updated: May 21, 2024
  • Patched Versions: 3.16
  • Affected Versions: <= 3.15

Vulnerability 1 Details:

  • Name: Media Library Assistant <= 3.15 - Authenticated (Contributor+) SQL Injection via Shortcode
  • Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CVE: CVE-2024-3518
  • CVSS Score: 8.8 (High)
  • Publicly Published: May 21, 2024
  • Researcher: Thanh Nam Tran
  • Description: The Media Library Assistant plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode(s) in all versions up to, and including, 3.15 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Vulnerability 2 Details:

  • Name: Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang
  • Type: Improper Neutralization of Alternate XSS Syntax
  • CVE: CVE-2024-3519
  • CVSS Score: 6.1 (Medium)
  • Publicly Published: May 21, 2024
  • Researcher: Le Ngoc Anh
  • Description: The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Summary:

The Media Library Assistant plugin for WordPress has two vulnerabilities in versions up to and including 3.15. The first vulnerability is an SQL Injection via the plugin's shortcode(s) that allows authenticated attackers with contributor access or higher to extract sensitive information from the database. The second vulnerability is a Reflected Cross-Site Scripting via the lang parameter that enables unauthenticated attackers to inject arbitrary web scripts. These vulnerabilities have been patched in version 3.16.

Detailed Overview:

Security researchers Thanh Nam Tran and Le Ngoc Anh discovered two vulnerabilities in the Media Library Assistant plugin for WordPress. The first vulnerability, reported by Thanh Nam Tran, is an SQL Injection vulnerability (CVE-2024-3518) with a CVSS score of 8.8. It exists in the plugin's shortcode(s) due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Authenticated attackers with contributor access or higher can exploit this to append additional SQL queries into already existing queries, allowing them to extract sensitive information from the database.

The second vulnerability, reported by Le Ngoc Anh, is a Reflected Cross-Site Scripting vulnerability (CVE-2024-3519) with a CVSS score of 6.1. It exists in the lang parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers can exploit this to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Both vulnerabilities have been patched in version 3.16 of the Media Library Assistant plugin.
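The two defect classes described above, shown side by side with their hardened forms in a hypothetical shortcode handler and request-parameter echo. This is an added illustration written for this report, not code from the Media Library Assistant plugin; the function names, the `orderby`/`limit` attributes and the `demo_gallery` shortcode are assumptions.

```php
<?php
// Hypothetical handler, not Media Library Assistant's code. It illustrates the
// two defect classes in the advisory and the WordPress APIs that close them.

// Vulnerable pattern: a contributor-controlled shortcode attribute is
// interpolated straight into SQL, so the attribute value becomes part of the query.
function demo_gallery_vulnerable( $atts ) {
    global $wpdb;
    $atts = shortcode_atts( array( 'orderby' => 'post_date', 'limit' => 10 ), $atts );
    $sql  = "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_type = 'attachment' "
          . "ORDER BY {$atts['orderby']} LIMIT {$atts['limit']}";
    return implode( ', ', wp_list_pluck( $wpdb->get_results( $sql ), 'post_title' ) );
}

// Hardened pattern: identifiers are checked against an allow-list (prepare()
// cannot parameterise column names); values go through $wpdb->prepare();
// output is escaped for the HTML context it lands in.
function demo_gallery_safe( $atts ) {
    global $wpdb;
    $atts    = shortcode_atts( array( 'orderby' => 'post_date', 'limit' => 10 ), $atts );
    $allowed = array( 'post_date', 'post_title', 'ID' );
    $orderby = in_array( $atts['orderby'], $allowed, true ) ? $atts['orderby'] : 'post_date';
    $limit   = max( 1, min( 100, (int) $atts['limit'] ) );
    $sql     = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_type = %s ORDER BY {$orderby} LIMIT %d",
        'attachment',
        $limit
    );
    return esc_html( implode( ', ', wp_list_pluck( $wpdb->get_results( $sql ), 'post_title' ) ) );
}
add_shortcode( 'demo_gallery', 'demo_gallery_safe' );

// Reflected XSS pattern on a request parameter: echoing `lang` raw versus
// restricting it to a safe character set and escaping it on output.
function demo_lang_vulnerable() {
    $lang = isset( $_GET['lang'] ) ? wp_unslash( $_GET['lang'] ) : 'en';
    return '<input type="hidden" name="lang" value="' . $lang . '">';
}
function demo_lang_safe() {
    $lang = isset( $_GET['lang'] ) ? sanitize_key( wp_unslash( $_GET['lang'] ) ) : 'en';
    return '<input type="hidden" name="lang" value="' . esc_attr( $lang ) . '">';
}
```

When auditing a plugin for the same classes of bug, the things to look for are exactly these: shortcode attributes or query-string values reaching `$wpdb->query()`/`get_results()` without `prepare()` or an allow-list, and request values reaching HTML without an `esc_*()` call.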

Advice for Users:

  1. Immediate Action: Update the Media Library Assistant plugin to version 3.16 or later immediately.
  2. Check for Signs of Vulnerability: Review your site's database and pages for any suspicious or unexpected content that may indicate a successful exploit.
  3. Alternate Plugins: Although a patch is available, you may still wish, as a precaution, to evaluate other plugins that offer similar functionality.
  4. Stay Updated: Always ensure that your plugins are updated to the latest versions to avoid vulnerabilities.

The prompt response from the plugin developers to patch these vulnerabilities underscores the importance of timely updates. Users are advised to ensure that they are running version 3.16 or later of the Media Library Assistant plugin to secure their WordPress installations.

References:

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/media-library-assistant

Vulnerability 1: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/media-library-assistant/media-library-assistant-315-authenticated-contributor-sql-injection-via-shortcode

Vulnerability 2: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/media-library-assistant/media-library-assistant-315-reflected-cross-site-scripting-via-lang

Detailed Report:

As a website owner, the security of your site should always be a top priority. With the increasing prevalence of cyber threats, it's crucial to stay vigilant and take proactive measures to protect your website from potential vulnerabilities. One of the most recent reminders of this necessity comes in the form of two critical vulnerabilities discovered in the popular WordPress plugin, Media Library Assistant.

About the Media Library Assistant Plugin

The Media Library Assistant plugin is a widely-used WordPress plugin that enhances the functionality of the WordPress Media Library. It is currently active on over 70,000 websites and has been downloaded more than 1.9 million times. The plugin was last updated on May 21, 2024, and the latest patched version is 3.16.

Discovered Vulnerabilities

Security researchers Thanh Nam Tran and Le Ngoc Anh discovered two vulnerabilities in the Media Library Assistant plugin. The first vulnerability (CVE-2024-3518) is an SQL Injection vulnerability with a CVSS score of 8.8. It exists in the plugin's shortcode(s) due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Authenticated attackers with contributor access or higher can exploit this to append additional SQL queries into already existing queries, allowing them to extract sensitive information from the database.

The second vulnerability (CVE-2024-3519) is a Reflected Cross-Site Scripting (XSS) vulnerability with a CVSS score of 6.1. It exists in the lang parameter due to insufficient input sanitization and output escaping. Unauthenticated attackers can exploit this to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Both vulnerabilities have been patched in version 3.16 of the Media Library Assistant plugin.

Risks and Potential Impacts

If left unpatched, these vulnerabilities could lead to serious consequences for your website. The SQL Injection vulnerability could allow attackers to extract sensitive information from your database, such as user credentials, customer data, or financial information. The Reflected XSS vulnerability could enable attackers to inject malicious scripts into your website, potentially leading to defacement, malware distribution, or phishing attacks targeting your website's users.

Remediating the Vulnerabilities

To protect your website from these vulnerabilities, it is crucial to update the Media Library Assistant plugin to version 3.16 or later immediately. Additionally, review your site's database and pages for any suspicious or unexpected content that may indicate a successful exploit. As a precaution, you might also consider using alternative plugins that offer similar functionality.

Previous Vulnerabilities

It's worth noting that the Media Library Assistant plugin has had 12 previous vulnerabilities since May 2018. This highlights the importance of regularly monitoring and updating your WordPress plugins to ensure the ongoing security of your website.

The Importance of Staying Updated

As a small business owner, managing website security can be challenging, especially when you have limited time and resources. However, the consequences of neglecting website security can be severe, ranging from data breaches and reputation damage to financial losses and legal liabilities.

To stay on top of security vulnerabilities, it's essential to keep your WordPress plugins, themes, and core software up to date. Regularly monitor your website for any suspicious activity, and consider using security plugins or services that can help you scan for vulnerabilities and protect against potential threats.

If you're unsure about how to manage your website's security or need assistance with the update process, don't hesitate to seek help from professionals. Many web development and security companies offer services tailored to small businesses, ensuring that your website remains secure without requiring you to become a security expert yourself.

By prioritizing website security and staying informed about the latest vulnerabilities, you can protect your business, your customers, and your online reputation. Remember, investing in website security is not just a cost – it's an investment in the long-term success and stability of your business.

Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.

Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.

Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.
