CVE-2025-63065

Severity: MEDIUM
Published: 2025-12-09 (source: [email protected])
CVSS 3.1 base score: 5.4

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 09, 2025 - 16:18 (nvd), rated MEDIUM 5.4

Description

Authorization Bypass Through User-Controlled Key vulnerability in David Lingren Media Library Assistant (media-library-assistant) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Library Assistant: from n/a through <= 3.29.

Analysis

The Media Library Assistant WordPress plugin, through version 3.29, allows authenticated users to bypass authorization controls and access or modify content they should not be permitted to reach, by supplying user-controlled keys to the plugin's access-control checks. Exploitation requires an authenticated user with limited privileges (PR:L) and affects the confidentiality and integrity of stored media library data. Exploitation probability is relatively low (EPSS 0.04%), and no active exploitation had been confirmed at the time of analysis.

Technical Context

The vulnerability stems from CWE-639 (Authorization Bypass Through User-Controlled Key), a flaw in access-control logic where the application relies on user-supplied parameters or keys to make authorization decisions instead of enforcing server-side access-control policy. Media Library Assistant, a WordPress plugin that manages media file access and permissions, implements role- or capability-based access controls that can be circumvented when user input directly influences whether an authorization check is performed or what it compares against. This is a common pattern in WordPress plugins: values in $_POST, $_GET, or REST API parameters that carry user IDs, role names, or access keys are trusted as evidence of permission rather than being validated against the authenticated session and the server's own capability model. The plugin affects WordPress installations that rely on Media Library Assistant for managing media access controls.
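To make the CWE-639 pattern described above concrete, here is an added illustration in PHP of a hypothetical WordPress AJAX handler written the vulnerable way beside the same handler hardened. This is example code written for this page; it is not code from Media Library Assistant, and the page does not state that the plugin's flaw takes exactly this shape. All function and action names prefixed `hypothetical_` are assumptions; the WordPress API calls (`check_ajax_referer`, `current_user_can`, `get_post`, `get_post_field`, `wp_update_post`, `wp_send_json_*`) are real core functions.

```php
<?php
// Added illustration of CWE-639 in a WordPress plugin context.
// Hypothetical handler names; not code from Media Library Assistant.

// VULNERABLE PATTERN: the request supplies both the attachment to modify and
// the "owner" identity used to decide authorization. The server compares two
// client-chosen values, so the check passes for any attachment whose author
// ID the caller can guess or enumerate. Nothing ties the request to the
// logged-in user's actual capabilities.
function hypothetical_vulnerable_update_attachment() {
    $attachment_id = isset( $_POST['attachment_id'] ) ? (int) $_POST['attachment_id'] : 0;
    $claimed_user  = isset( $_POST['user_id'] ) ? (int) $_POST['user_id'] : 0; // user-controlled key
    $new_title     = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );

    if ( (int) get_post_field( 'post_author', $attachment_id ) === $claimed_user ) {
        wp_update_post( array( 'ID' => $attachment_id, 'post_title' => $new_title ) );
        wp_send_json_success(); // wp_send_json_* terminates the request
    }
    wp_send_json_error( 'forbidden', 403 );
}

// HARDENED PATTERN: identity comes from the session, authorization comes from
// WordPress capabilities evaluated server-side for the specific object, and the
// request is bound to a nonce so a forged cross-site request cannot trigger it.
function hypothetical_hardened_update_attachment() {
    // Nonce created with wp_create_nonce( 'hypothetical_update_attachment' ).
    check_ajax_referer( 'hypothetical_update_attachment' );

    $attachment_id = isset( $_POST['attachment_id'] ) ? (int) $_POST['attachment_id'] : 0;
    $new_title     = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );

    // Resolve the object server-side; refuse anything that is not an attachment.
    $post = get_post( $attachment_id );
    if ( ! $post || 'attachment' !== $post->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    // 'edit_post' is resolved by map_meta_cap(): authors may edit their own
    // attachments, editors/administrators may edit others'. The client never
    // tells us who it is; the current user is taken from the session.
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_update_post( array( 'ID' => $attachment_id, 'post_title' => $new_title ) );
    wp_send_json_success();
}

// Only the hardened handler is registered; the vulnerable one is kept for contrast.
add_action( 'wp_ajax_hypothetical_update_attachment', 'hypothetical_hardened_update_attachment' );
```

The defender's check when reviewing a plugin for this class of issue is the same in both directions: every parameter that names a user, role or key should be treated as input to be validated, never as proof of permission, and every write path should reach a `current_user_can()` (or REST `permission_callback`) evaluated against the specific object being touched.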

Affected Products

Media Library Assistant WordPress plugin versions through 3.29 (CPE: cpe:2.3:a:davidlingren:media-library-assistant:*:*:*:*:*:wordpress:*:*). The vulnerability was confirmed by [email protected] and reported in the Patchstack vulnerability database for WordPress plugins. The advisory is available at https://patchstack.com/database/Wordpress/Plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-30-broken-access-control-vulnerability.

Remediation

Update Media Library Assistant to version 3.30 or later, which addresses the authorization bypass by implementing proper server-side access control validation that does not rely on user-controlled keys. WordPress administrators should navigate to Plugins > Installed Plugins, locate Media Library Assistant, and click Update to version 3.30+. No interim workarounds are practical for this class of vulnerability; patching is the primary remediation. Organizations unable to update immediately should restrict the plugin to trusted user roles with administrative oversight of media library access. Consult the Patchstack advisory for additional configuration guidance if needed.

Priority Score

27 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +27
POC: 0

CVE-2025-63065 vulnerability details – vuln.today