cleantalk
Vulnerabilities and Security Researches

Media Library Assistant, CVE-2025-11738

CVE, Research URL

CVE-2025-11738

Home page URL

Security reports for Media Library Assistant

Application

Media Library Assistant

Published on
Oct 18, 2025
Research Description
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information.
Affected versions
max 3.30.
Status
vulnerable
Previous vulnerability researches
Media Library Assistant (CVE-2024-6823) , Aug 13, 2024
Media Library Assistant (CVE-2025-8357) , Aug 20, 2025
Media Library Assistant (CVE-2024-5544) , Jul 03, 2024
Media Library Assistant (CVE-2025-31627) , Apr 02, 2025
Media Library Assistant (CVE-2025-7035) , Jul 19, 2025
New vulnerability
Real Cookie Banner: GDPR & ePrivacy Cookie Consent (CVE-2025-12136) , Nov 09, 2025
Smart Coupons For WooCommerce Coupons (CVE-2025-64358) , Nov 09, 2025
Media Library Assistant (CVE-2025-11738) , Nov 09, 2025
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-11510) , Oct 29, 2025
WordPress Webinar Plugin – WebinarPress (CVE-2025-62972) , Oct 29, 2025