WordPress Plugin Vulnerability Report – Media Library Assistant – Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode – CVE-2023-4716

Plugin Name: Media Library Assistant

Key Information:

  • Software Type: Plugin
  • Software Slug: media-library-assistant
  • Software Status: Active
  • Software Author: David Lingren
  • Software Downloads: 1,759,449
  • Active Installs: 70,000
  • Last Updated: September 21, 2023
  • Affected Versions: <= 3.10
  • Patched Versions: 3.11 and later

Vulnerability Details:

  • Name: Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
  • Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CVE: CVE-2023-4716
  • CVSS Score: 6.4 (medium)
  • Publicly Published: September 21, 2023
  • Researcher: Lana Codes
  • Description: The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Summary:

The Media Library Assistant plugin for WordPress, in versions up to and including 3.10, is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode because user-supplied shortcode attributes were neither sanitized on input nor escaped on output. Any user with the Contributor role or higher can exploit it. The issue is fixed in version 3.11.

Detailed Overview:

The examination by researcher Lana Codes showed that the plugin's 'mla_gallery' shortcode handler failed to sanitize the values of user-supplied shortcode attributes and failed to escape them when rendering the gallery markup. A user with Contributor-level access or above, who can normally submit posts for review but not publish unfiltered HTML, could therefore place script in a shortcode attribute and have it stored in post content. The script then runs in the browser of anyone who views the page, including editors and administrators reviewing the pending post, which exposes session cookies, nonces and other in-browser data and can be used as a stepping stone to full site compromise. The vulnerability carries a medium CVSS score of 6.4; the score reflects the authentication requirement (an attacker needs a Contributor account), so sites that accept untrusted registrations or guest authors are most exposed.

Advice for Users:

  • Immediate Action: Confirm the installed version of Media Library Assistant and update to version 3.11 or later. If an update cannot be applied promptly, deactivate the plugin until it can.
  • Check for Signs of Compromise: Search post content and post revisions for 'mla_gallery' shortcodes whose attribute values contain script tags, event-handler attributes (onerror, onload and similar) or javascript: URLs. Review Contributor and higher accounts, pending and draft posts, user access logs and security-scan results for anything unexpected.
  • Alternate Plugins: Replacing a patched plugin is not required; consider an alternative only if you are unable to keep this one updated.
  • Stay Updated: Keep all plugins and themes on their latest versions, since shortcode-handling flaws of this kind recur across the WordPress ecosystem.
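The two checks above, the version test and the content search, can be scripted. The following Python is an added example written for this report, not code from the plugin or its author. It assumes a plugin header of the usual WordPress form and a handful of constructed post rows; the attribute names in the sample posts are illustrative, since the advisory does not say which 'mla_gallery' attributes were affected.

```python
import re
from html import unescape
from typing import Dict, List, Tuple

# The advisory states that 3.10 and earlier are affected and 3.11 carries the fix.
FIXED_VERSION = (3, 11)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.10' or '3.11.1' into a comparable tuple; a non-numeric suffix ends parsing."""
    parts: List[int] = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts) or (0,)


def is_affected(version: str) -> bool:
    """True when the installed version is below the first patched release."""
    return parse_version(version) < FIXED_VERSION


# WordPress reads the version from the plugin's main file header.
# This header is constructed for the example (assumption: standard header layout).
PLUGIN_HEADER = """<?php
/*
Plugin Name: Media Library Assistant
Version: 3.10
*/
"""


def version_from_header(header: str) -> str:
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header, re.MULTILINE)
    return m.group(1) if m else ""


# Shortcode scanning: find [mla_gallery ...] tags and inspect every attribute value.
SHORTCODE_RE = re.compile(r"\[mla_gallery\b([^\]]*)\]", re.IGNORECASE)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""")
# Markers a practitioner would treat as a stored-XSS attempt inside an attribute value.
SUSPICIOUS_RE = re.compile(
    r"(<\s*/?\s*script|on\w+\s*=|javascript\s*:|<\s*(img|svg|iframe)\b)", re.IGNORECASE
)


def find_suspicious_shortcodes(content: str) -> List[Tuple[str, str]]:
    """Return (attribute, value) pairs from mla_gallery shortcodes that look like payloads."""
    hits: List[Tuple[str, str]] = []
    for sc in SHORTCODE_RE.finditer(content):
        for am in ATTR_RE.finditer(sc.group(1)):
            name = am.group(1)
            value = next(g for g in am.groups()[1:] if g is not None)
            # Entity-encode is a common way to slip past naive greps, so decode before testing.
            if SUSPICIOUS_RE.search(unescape(value)):
                hits.append((name, value))
    return hits


# Constructed sample rows in the shape of (post ID, post_content) from wp_posts.
SAMPLE_POSTS = [
    (101, '[mla_gallery post_parent="current" columns="3"]'),
    (102, '[mla_gallery mla_caption="<img src=x onerror=alert(document.cookie)>"]'),
    (103, 'Intro text [mla_gallery link="javascript:alert(1)" size=thumbnail]'),
]


def scan_posts(posts) -> Dict[int, List[Tuple[str, str]]]:
    """Map post ID to its suspicious attributes, omitting clean posts."""
    result: Dict[int, List[Tuple[str, str]]] = {}
    for post_id, content in posts:
        hits = find_suspicious_shortcodes(content)
        if hits:
            result[post_id] = hits
    return result


if __name__ == "__main__":
    installed = version_from_header(PLUGIN_HEADER)
    print(f"installed {installed}: {'AFFECTED' if is_affected(installed) else 'patched'}")
    for post_id, hits in scan_posts(SAMPLE_POSTS).items():
        print(f"post {post_id}: {hits}")
```

Run the scan against a full export of wp_posts (published posts, drafts and revisions alike, since a pending post is exactly what an editor would open). A hit is a reason to inspect the post and the account that authored it, not proof of exploitation; a clean scan says nothing about other plugins' shortcodes.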

Conclusion:

The prompt response from the plugin developers to patch this vulnerability underscores the importance of timely updates. Users are advised to ensure that they are running version 3.11 or later to secure their WordPress installations.

Detailed Report:

Keeping your WordPress site secure should be a top priority for any website owner. Unfortunately, vulnerabilities in plugins and themes can put your site at risk if left unaddressed. One such vulnerability has recently been discovered in the popular Media Library Assistant plugin used by over 70,000 WordPress sites. In this post, I’ll provide an overview of the vulnerability, its implications, and clear guidance on how to protect your site.

The Media Library Assistant plugin, with over 1.7 million downloads, is commonly used for managing media files in WordPress. Researchers recently disclosed a stored cross-site scripting vulnerability affecting versions up to and including 3.10.

This vulnerability, tracked as CVE-2023-4716, allows authenticated users with contributor access or higher to inject malicious scripts into web pages. If exploited, it can lead to data theft, unauthorized access, and further site exploitation. The vulnerability stems from insufficient input sanitization and output escaping in the 'mla_gallery' shortcode.

The good news is that the developer has already issued a patch in version 3.11. All users should update immediately to stay protected. You should also search post content for 'mla_gallery' shortcodes carrying script or event-handler payloads, review Contributor and higher accounts, and run regular security scans. Replacing the plugin is unnecessary once it is patched; consider an alternative only if you cannot keep it updated.

This is not the first vulnerability found in the Media Library Assistant. In fact, 8 previous vulnerabilities have been reported since May 2018, emphasizing the need to stay on top of updates.

To recap, update the Media Library Assistant plugin to version 3.11 or higher immediately. Check existing content for injected shortcode payloads, watch for unusual activity, and run security checks. And stay diligent about updates for all plugins and themes.

For busy website owners without much time to spare, staying on top of security can be challenging. But being proactive now can prevent major headaches down the road. Make a plan to regularly check plugins for updates, monitor activity logs, and run security scans. Taking these basic steps will go a long way in keeping your site safe.

Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.

Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.

Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.

