CVE-2025-11738
📋 TL;DR
The Media Library Assistant WordPress plugin is vulnerable to arbitrary file read in all versions up to and including 3.29. Because the file path passed to mla-stream-image.php is insufficiently validated, an unauthenticated attacker can retrieve arbitrary AI, EPS, PDF, and PS files the web server process can read, including files outside the public uploads directory. Any sensitive information stored in documents of those types can be exposed. Fixed in 3.30.
💻 Affected Systems
- Media Library Assistant WordPress plugin
⚠️ Manual Verification Required
Automated vulnerability detection that relies on version ranges in the NVD record may not flag this plugin, because the record does not carry a version range. The range is known from the vendor changeset and the Wordfence entry cited below: 3.29 and earlier are vulnerable, 3.30 fixes the issue. Confirm the installed version manually using the steps in "How to Verify".
- Review the CVE details at NVD and the Wordfence entry in the references
- Check the installed plugin version against the fixed version (3.30)
- If you cannot patch immediately, confirm whether mla-stream-image.php is reachable from the internet in your environment
- Update to version 3.30 or later; there is no reason to wait for further confirmation once the version is known to be 3.29 or lower
⚠️ Risk & Real-World Impact
Worst Case
Attackers exfiltrate sensitive documents containing credentials, personal data, or proprietary information, leading to data breaches and compliance violations.
Likely Case
Attackers mass-scan WordPress sites for the plugin endpoint and download AI/EPS/PDF/PS files stored outside the public media directory, for example exported reports, invoices, contracts, or print proofs, and use the contents (names, account numbers, internal hostnames, embedded credentials) to support further attacks.
If Mitigated
The script runs as the web server user, so OS file permissions bound the exposure: only AI/EPS/PDF/PS files readable by that user can be retrieved. Files already served from the public uploads directory add no new exposure; the risk comes from readable documents stored elsewhere on the host.
🎯 Exploit Status
Exploitation requires no authentication and no user interaction: a single crafted HTTP request to mla-stream-image.php with a file path parameter pointing outside the intended directory is enough. The request is simple to script, so treat mass scanning as likely once the endpoint is known to be exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.30 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3379044/media-library-assistant
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Media Library Assistant.
4. Click 'Update Now' if available, or manually update to version 3.30 or later.
5. Verify the update completed successfully and the displayed version is 3.30 or higher.
🔧 Temporary Workarounds
Temporary file access restriction
Block direct access to the vulnerable mla-stream-image.php file in the web server configuration. Restrict only that file: a blanket deny on the plugin directory also blocks the plugin's CSS and JavaScript and breaks its admin pages. Blocking the script disables any plugin feature that streams images through it, which is acceptable until the patch is applied.
For Apache 2.4: add the following to the .htaccess in the plugin's includes/ directory (or the plugin root):
<Files "mla-stream-image.php">
    Require all denied
</Files>
On Apache 2.2, or 2.4 with mod_access_compat loaded, use 'Deny from all' inside the same <Files> block instead of 'Require all denied'.
For Nginx: add 'location ~ /mla-stream-image\.php$ { deny all; }' to the server block, placed before the generic 'location ~ \.php$' handler. Nginx uses the first matching regex location, so a rule declared after the PHP handler is never reached and the script keeps executing.
After either change, request the script directly and confirm the response is 403 rather than 200.
🧯 If You Can't Patch
- Deactivate the Media Library Assistant plugin immediately; a deactivated plugin's PHP files remain on disk and mla-stream-image.php may still be reachable, so combine this with the web server block above or remove the plugin entirely
- Restrict access to the mla-stream-image.php endpoint to trusted IP ranges (for example, administrators' addresses) at the web server or WAF; restricting the whole site is rarely practical for a public WordPress installation
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Media Library Assistant version. If version is 3.29 or lower, system is vulnerable.
Check Version:
wp plugin list --name=media-library-assistant --field=version
Verify Fix Applied:
Confirm the plugin version is 3.30 or higher in the WordPress admin panel (or via the WP-CLI command above), then request mla-stream-image.php with a file path that points outside the uploads directory and confirm an error is returned rather than the file's contents.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-content/plugins/media-library-assistant/includes/mla-stream-image.php whose query string carries a file path, in particular values containing traversal sequences (../, %2e%2e, double-encoded %252e) or absolute paths (/etc/..., /var/...)
- HTTP 200 responses from that endpoint with large bodies to unauthenticated clients, especially with scanner user agents (curl, python-requests, Go-http-client)
- On the host, the web server user opening AI/EPS/PDF/PS files outside the WordPress uploads directory (file-access auditing such as auditd, where enabled)
Network Indicators:
- Responses from the web server carrying PDF or PostScript content to clients that have no other interaction with the site
- Repeated requests to mla-stream-image.php from one source with varying file parameter values (enumeration of guessed paths)
SIEM Query:
source="web_access_logs" AND uri="/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php" AND (query="*../*" OR query="*%2e%2e*" OR query="*file=*" OR query="*path=*")
The parameter names file= and path= are illustrative; confirm the actual parameter name from the vendor changeset referenced below and adjust the query, or match on the URI alone and triage by source address and request volume.
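The following is an added example of the detection logic above applied to web server access logs; it is not code from this advisory or from the plugin. It parses combined-format log lines, keeps only requests to the mla-stream-image.php path given on this page, URL-decodes every query parameter value (twice, to catch double encoding), and flags traversal sequences, absolute paths, 200 responses to flagged requests, and per-client enumeration (many distinct parameter sets). The parameter name file= in the sample lines is an assumption for illustration, the sample lines are constructed, and the detector deliberately inspects every parameter value rather than relying on a parameter name.

```python
"""Flag suspicious requests to the MLA stream-image endpoint in web access logs."""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint path as given in the advisory.
TARGET_PATH = "/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php"

# Combined log format: ip ident user [time] "method target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Traversal or absolute-path markers, applied to the decoded parameter value.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|^/|^[A-Za-z]:\\|^file:)", re.I)


def parse_line(line):
    """Return a dict of fields for one combined-format log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qsl decodes once; unquote again so %252e%252e (double-encoded) is also caught.
    rec["params"] = [(k, unquote(v)) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def flag_request(rec):
    """Return the reasons one parsed request to the endpoint is suspicious (empty if none)."""
    if rec["path"] != TARGET_PATH:
        return []
    reasons = []
    for _, value in rec["params"]:
        if TRAVERSAL_RE.search(value):
            reasons.append(f"traversal or absolute path in parameter value: {value!r}")
    # A 200 with a body on a flagged request means the server likely served the file.
    if reasons and rec["status"] == "200" and rec["bytes"] > 0:
        reasons.append("endpoint returned content (HTTP 200) for a flagged request")
    return reasons


def analyze(lines, distinct_threshold=3):
    """Per-client summary of endpoint abuse.

    Returns {ip: {"requests": n, "distinct_params": k, "reasons": [...]}} for every
    client that tripped at least one indicator (traversal, served content, enumeration).
    """
    per_ip = defaultdict(lambda: {"requests": 0, "param_sets": set(), "reasons": []})
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["path"] != TARGET_PATH:
            continue
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        entry["param_sets"].add(tuple(rec["params"]))
        entry["reasons"].extend(flag_request(rec))
    alerts = {}
    for ip, e in per_ip.items():
        reasons = list(dict.fromkeys(e["reasons"]))  # de-duplicate, keep order
        if len(e["param_sets"]) >= distinct_threshold:
            reasons.append(f"{len(e['param_sets'])} distinct parameter sets (path enumeration)")
        if reasons:
            alerts[ip] = {"requests": e["requests"],
                          "distinct_params": len(e["param_sets"]),
                          "reasons": reasons}
    return alerts


# Constructed sample log lines (not from a real incident). 10.0.0.5 is a benign
# request for a file name; 203.0.113.7 probes paths outside the uploads directory.
EP = TARGET_PATH
SAMPLE_LOG = [
    f'10.0.0.5 - - [15/Oct/2025:09:12:01 +0000] "GET {EP}?file=brochure.pdf HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - [15/Oct/2025:09:14:22 +0000] "GET {EP}?file=../../../../var/backups/payroll.pdf HTTP/1.1" 200 91022 "-" "curl/8.4.0"',
    f'203.0.113.7 - - [15/Oct/2025:09:14:23 +0000] "GET {EP}?file=%252e%252e%252fprivate%252finvoice.pdf HTTP/1.1" 200 33010 "-" "curl/8.4.0"',
    f'203.0.113.7 - - [15/Oct/2025:09:14:25 +0000] "GET {EP}?file=/srv/private/contract.pdf HTTP/1.1" 404 0 "-" "curl/8.4.0"',
    '198.51.100.9 - - [15/Oct/2025:09:20:00 +0000] "GET /wp-content/uploads/2025/10/brochure.pdf HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info["requests"], "requests;", "; ".join(info["reasons"]))
```

Feed real logs with `analyze(open("access.log"))`; lower `distinct_threshold` if the endpoint sees little legitimate traffic. Relative file names without traversal markers are not flagged on their own because the plugin's own use of the script produces such requests.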
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379043%40media-library-assistant&new=3379043%40media-library-assistant&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379044%40media-library-assistant&new=3379044%40media-library-assistant&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/43d1264a-2265-4423-a643-7ef6436d3764?source=cve