{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11738", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-14T13:25:58.992Z", "datePublished": "2025-10-18T05:41:55.159Z", "dateUpdated": "2026-04-08T16:49:14.472Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:14.472Z"}, "affected": [{"vendor": "dglingren", "product": "Media Library Assistant", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.29", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information."}], "title": "Media Library Assistant <= 3.29 - Unauthenticated Limited File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d1264a-2265-4423-a643-7ef6436d3764?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379044%40media-library-assistant&new=3379044%40media-library-assistant&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379043%40media-library-assistant&new=3379043%40media-library-assistant&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-73 External Control of File Name or Path", "cweId": "CWE-73", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucas Montes"}], "timeline": [{"time": "2025-10-14T13:41:08.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-10-17T17:26:53.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-20T18:58:46.731417Z", "id": "CVE-2025-11738", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T18:58:57.946Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11738", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-20T18:58:46.731417Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-20T18:58:52.859Z"}}], "cna": {"title": "Media Library Assistant <= 3.29 - Unauthenticated Limited File Read", "credits": [{"lang": "en", "type": "finder", "value": "Lucas Montes"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "dglingren", "product": "Media Library Assistant", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.29"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-14T13:41:08.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-10-17T17:26:53.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d1264a-2265-4423-a643-7ef6436d3764?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379044%40media-library-assistant&new=3379044%40media-library-assistant&sfp_email=&sfph_mail="}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379043%40media-library-assistant&new=3379043%40media-library-assistant&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:14.472Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11738", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:49:14.472Z", "dateReserved": "2025-10-14T13:25:58.992Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-18T05:41:55.159Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information."}], "id": "CVE-2025-11738", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-18T06:15:37.123", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379043%40media-library-assistant&new=3379043%40media-library-assistant&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3379044%40media-library-assistant&new=3379044%40media-library-assistant&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/43d1264a-2265-4423-a643-7ef6436d3764?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:06:49.756988+00:00", "value": {"mitigation_remediation": ["Upgrade to Media Library Assistant 3.30 or newer; the fix is included in that release", "Configure web server rules (e.g., .htaccess or firewall) to deny external requests to mla-stream-image.php for non\u2011authenticated users", "If the plugin is not needed, disable or delete it to eliminate the attack surface"], "summary": {"action": "Patch", "impact": "Unauthenticated File Read"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Media Library Assistant plugin by dglingren, versions 3.29 and earlier. The flaw exists in all builds up to and including 3.29, regardless of other plugins or themes.", "description_and_impact": "The Media Library Assistant plugin for WordPress permits unauthenticated readers to fetch data from the mla-stream-image.php endpoint. This allows an attacker to retrieve the contents of any .ai, .eps, .pdf, or .ps file stored on the server, exposing potentially sensitive information. The vulnerability stems from improper validation of file names (CWE\u201173), resulting in a limited read of file contents rather than full file system traversal. The confidentiality of files residing on the host is therefore at risk, though there is no direct impact on integrity or availability. This flaw is limited to readers, so only individuals who can reach the vulnerable URL are affected.", "risk_and_exploitability": "The CVSS v3 score of 5.3 indicates a moderate severity. The EPSS score of less than 1\u202f% signals a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers would initiate the exploit by sending an unauthenticated HTTP request to mla-stream-image.php with a crafted file path. No privilege escalation or authentication is required, so the risk is confined to the ability to read files of those types stored on the web server. Given the low EPSS score, the overall risk to exposed sites remains moderate, but any sensitive documents stored in the targeted formats could be accessed by an attacker who discovers the CMS over the network."}}}}, "created": "2025-10-20T13:21:35.662020+00:00", "updated": "2026-04-22T14:15:20.400361+00:00", "vendors": ["davidlingren", "davidlingren$PRODUCT$media_library_assistant", "wordpress", "wordpress$PRODUCT$wordpress"]}