cleantalk
Vulnerabilities and Security Researches

Media Library Assistant, CVE-2026-6075

CVE, Research URL

CVE-2026-6075

Home page URL

Security reports for Media Library Assistant

Application

Media Library Assistant

Published on
May 29, 2026
Research Description
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an administrator into performing bulk delete, edit, or purge operations on plugin settings and attachment metadata via a forged request.
Affected versions
max 3.36.
Status
vulnerable
Previous vulnerability researches
WS Force Login Page (CVE-2025-46521) , Apr 26, 2025
New vulnerability
TableOn – WordPress Posts Table Filterable  (CVE-2026-42755) , May 30, 2026
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2026-4888) , May 30, 2026
WPCS – WordPress Currency Switcher Professional (CVE-2026-42733) , May 30, 2026
QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly (CVE-2026-42756) , May 30, 2026
Equalize Digital Accessibility Checker – Audit Your Website for WCAG, ADA, and Section 508 Accessibility Errors (CVE-2026-9015) , May 30, 2026