CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows SQL Injection. This issue affects Media Library Assistant: from n/a through 3.34.
Analysis
SQL injection in WordPress Media Library Assistant plugin through version 3.34 allows authenticated attackers with low-level privileges to extract sensitive database contents and potentially disrupt availability. The vulnerability has a CVSS score of 8.5 (High) with scope change, indicating authenticated attackers can access data beyond their permission level. …
Remediation
Within 24 hours: Identify all WordPress instances running Media Library Assistant plugin and document current versions. Within 7 days: Disable or uninstall Media Library Assistant plugin immediately as no vendor patch is available; evaluate alternative media management solutions and migrate content if necessary. …
EUVD-2026-19309
GHSA-39w8-449c-wqw6