CVE-2025-8357
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-08-19
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | media_library_assistant | 3.27 |
| wordpress | media_library_assistant | 3.28 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Media Library Assistant WordPress plugin lets an authenticated user with the Author role or higher delete arbitrary files inside the /wp-content/uploads/ directory. The root cause is in the plugin's _process_mla_download_file function, which neither validates the requested file path sufficiently nor checks that the caller is authorized to delete the target (CWE-862, missing authorization). Because the path is not normalized or constrained before the delete, a low-privileged but authenticated user can point the function at files they should never be able to remove. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows deletion of files within the /wp-content/uploads/ directory on your WordPress server, which holds the site's media library and many plugin-generated files. The result can be loss of images and other uploads, broken pages that reference them, and downtime or data loss if no backup exists. The attacker needs Author-level access or higher, so the realistic threat is a compromised contributor account or a malicious insider with that role, not an anonymous visitor. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with inventory: any site running Media Library Assistant version 3.27 or earlier is vulnerable. Beyond the version check, look for evidence of deletions in /wp-content/uploads that were not performed through the normal media workflow. The patched code only permits deleting .zip files whose names begin with MLA_OPTION_PREFIX and the current date, so on an unpatched site any deletion reached through the plugin's download handling that removed a file outside that pattern is suspect. Since the attack requires an authenticated user with Author-level access or higher, correlate file deletions with the activity of such accounts. Practical steps:
1) Check the installed plugin version in the WordPress admin (Plugins page) or by reading the `Version:` header of the plugin's main file on disk.
2) Establish what is in the uploads directory and watch it for removals. Note that `find /path/to/wp-content/uploads -type f -name '*.zip' -exec stat {} \;` only lists files that still exist; it cannot show what was deleted. To see deletions you need a baseline inventory to diff against, or a kernel audit watch such as `auditctl -w /path/to/wp-content/uploads -p wa -k mla_uploads`, which records unlinks under that directory along with the acting process and user.
3) Review web server and application logs for requests that reach the Media Library Assistant download handling, especially requests carrying path traversal sequences or file names that do not match the expected .zip export pattern, and tie them back to the WordPress user who made them.
No explicit detection commands are provided in the referenced resources; the above are standard approaches applied to the facts in the advisory. [1, 2]
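The two detection steps that can be automated, the plugin version check and a baseline-diff that reveals deletions `find` cannot show, as an added example that is not part of this page or of the Media Library Assistant plugin. The plugin header text, the uploads directory contents and the deleted files are all constructed inside the script; the fixed version 3.28 is taken from the advisory text above.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

FIXED_VERSION = (3, 28)  # first patched release named in the advisory text

# Constructed sample of a WordPress plugin header in the standard header
# format; the real plugin file's contents are not reproduced here.
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: Media Library Assistant
Version: 3.27
*/
"""


def parse_plugin_version(header_text: str):
    """Extract the 'Version:' header as a tuple of ints, e.g. (3, 27)."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def is_vulnerable_version(version) -> bool:
    """Anything below 3.28 falls in the affected range this page describes."""
    return version is not None and version < FIXED_VERSION


def snapshot(root: str) -> dict:
    """Map every regular file under root (relative path) to its SHA-256.

    Symlinks are skipped so a link pointing outside the tree is never read.
    """
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue
            rel = str(full.relative_to(root))
            inventory[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return inventory


def deleted_since(before: dict, after: dict) -> list:
    """Files present in the baseline but absent now: the thing find cannot list."""
    return sorted(set(before) - set(after))


def demo() -> dict:
    """Constructed fixture: baseline an uploads dir, remove a media file and a
    .zip the way an attacker would, re-scan, and report what disappeared."""
    root = Path(tempfile.mkdtemp())
    (root / "2025" / "08").mkdir(parents=True)
    (root / "2025" / "08" / "hero.jpg").write_bytes(b"\xff\xd8\xff" + b"\x00" * 16)
    (root / "mla_20250819_settings.zip").write_bytes(b"PK\x05\x06" + b"\x00" * 18)
    (root / "keep.txt").write_text("still here\n")
    before = snapshot(str(root))
    (root / "2025" / "08" / "hero.jpg").unlink()
    (root / "mla_20250819_settings.zip").unlink()
    after = snapshot(str(root))
    version = parse_plugin_version(SAMPLE_PLUGIN_HEADER)
    return {
        "baseline_count": len(before),
        "deleted": deleted_since(before, after),
        "plugin_version": version,
        "plugin_vulnerable": is_vulnerable_version(version),
    }


if __name__ == "__main__":
    print(demo())
```

In production, write `snapshot()` output to a file outside the web root on a schedule (or after each deploy) and alert on a non-empty `deleted_since()` list; the hashes also catch files that were replaced rather than removed.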
What immediate steps should I take to mitigate this vulnerability?
Update the Media Library Assistant plugin to version 3.28 or later. That release carries the fix from changeset 3336915, which normalizes the requested path, rejects directory traversal sequences, and restricts deletion to .zip files with a controlled naming pattern, so the arbitrary delete is no longer reachable. If you cannot update immediately, reduce exposure in the meantime: temporarily deactivate the plugin if the site can tolerate it, audit every account holding the Author role or higher and remove any that are not trusted, and monitor /wp-content/uploads for unexpected deletions. Keep a current backup of the uploads directory so that any files removed before the patch lands can be restored. [1]