PT-2025-42689 · WordPress · Media Library Assistant

Lucas Montes

Published

2025-10-18

Updated

2025-10-18

CVE-2025-11738

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Media Library Assistant plugin for WordPress versions prior to 3.30

Description The Media Library Assistant plugin for WordPress is susceptible to limited file reading through the mla-stream-image.php file. This allows unauthenticated attackers to read the contents of arbitrary ai, eps, pdf, and ps files on the server, potentially exposing sensitive information.

Recommendations Update to version 3.30 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73

Related Identifiers

CVE-2025-11738

Affected Products

Media Library Assistant

PT-2025-42689 · WordPress · Media Library Assistant

CVE-2025-11738

Weakness Enumeration

Related Identifiers

Affected Products

References · 8