PatchSiren cyber security CVE debrief
CVE-2026-54198 David Lingren CVE debrief
CVE-2026-54198 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in Media Library Assistant versions up to and including 3.35. It has a CVSS score of 7.1 and was published on 2026-06-16T10:16:28.730Z. An unauthenticated attacker can inject malicious JavaScript code, potentially leading to unauthorized actions or data exposure. The affected product is Media Library Assistant, and the vendor is currently listed as Unknown Vendor.
- Vendor: David Lingren
- Product: Media Library Assistant
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Administrators and users of Media Library Assistant versions up to and including 3.35 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a lack of proper input validation and sanitization in the Media Library Assistant plugin. An attacker can exploit this vulnerability by injecting malicious JavaScript code, which can then be executed by the browser. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
high
Recommended defensive actions
- Update Media Library Assistant to a version that is not vulnerable.
- Implement additional security measures, such as input validation and sanitization, to prevent similar vulnerabilities.
Evidence notes
The evidence for this CVE comes from the National Vulnerability Database (NVD) and Patchstack.
Official resources
- CVE-2026-54198 CVE record (CVE.org)
- CVE-2026-54198 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-54198 was published on 2026-06-16T10:16:28.730Z and has not been modified since then.