File Reading Vulnerability in Media Library Assistant Plugin for WordPress
CVE-2025-11738

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Media Library Assistant
Vendor: CVE Published:; 18 October 2025

What is CVE-2025-11738?

The Media Library Assistant plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit the mla-stream-image.php file. This flaw enables attackers to read arbitrary files with extensions such as ai, eps, pdf, and ps stored on the server. If not addressed, this vulnerability may expose sensitive information that can compromise the security and integrity of affected WordPress installations.

Affected Version(s)

Media Library Assistant * <= 3.29

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2025
Vulnerability Reserved
Oct 14, 2025

Credit

Lucas Montes

JSON