CVE-2025-11738
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-18

Last updated on: 2025-10-21

Assigner: Wordfence

Description
The Media Library Assistant plugin for WordPress is vulnerable to limited file reading in all versions up to, and including, 3.29 via the mla-stream-image.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary ai/eps/pdf/ps files on the server, which can contain sensitive information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-18
Last Modified
2025-10-21
Generated
2026-05-07
AI Q&A
2025-10-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-11738
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress media_library_assistant *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The Media Library Assistant plugin for WordPress has a vulnerability in the mla-stream-image.php file that allows unauthenticated attackers to read the contents of certain file types (ai, eps, pdf, ps) on the server. This means attackers can access potentially sensitive information stored in these files without needing to log in or have special permissions.


How can this vulnerability impact me? :

This vulnerability can impact you by exposing sensitive information stored in ai, eps, pdf, or ps files on your server to unauthorized users. Since attackers do not need authentication, they can access confidential data, which could lead to information disclosure and potential misuse of that data.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart