CVE-2025-11738
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-18

Last updated on: 2025-10-21

Assigner: Wordfence

Description
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-18
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11738
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress media_library_assistant *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Media Library Assistant plugin for WordPress has a vulnerability in the mla-stream-image.php file that allows unauthenticated attackers to read the contents of certain file types (ai, eps, pdf, ps) on the server. This means attackers can access potentially sensitive information stored in these files without needing to log in or have special permissions.

Impact Analysis

This vulnerability can impact you by exposing sensitive information stored in ai, eps, pdf, or ps files on your server to unauthorized users. Since attackers do not need authentication, they can access confidential data, which could lead to information disclosure and potential misuse of that data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11738. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart