Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Network-reachable WordPress endpoint with low-privilege auth (PR:L), no interaction; blind SQLi yields high confidentiality via DB read, scope-changed to WordPress DB, minor availability from query load.
Primary rating from Vendor (patchstack).
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection.
This issue affects Media LIbrary Assistant: from n/a through 3.35.
AnalysisAI
Blind SQL injection in the David Lingren Media Library Assistant WordPress plugin (versions up to and including 3.35) allows authenticated low-privilege users to inject SQL via unsanitized input into a database query, with scope-changed impact reaching the underlying WordPress database. No public exploit identified at time of analysis, but the plugin's wide WordPress deployment footprint and the low privilege bar make this a meaningful risk for multi-author sites. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated WordPress session at a low privilege level (CVSS PR:L - typically Subscriber, Contributor, or Author depending on the vulnerable endpoint) on a site where the Media Library Assistant plugin is installed and active at version 3.35 or earlier. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L yields 8.5 (High): network-reachable, low complexity, requires only a low-privilege authenticated user (e.g., Subscriber/Contributor/Author depending on the affected endpoint), no user interaction, and high confidentiality impact via blind extraction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or compromises a low-privilege WordPress account on a site running Media Library Assistant <= 3.35, then issues crafted requests to a vulnerable plugin endpoint with SQL payloads in a parameter that is unsafely interpolated into a query. Using boolean- or time-based blind techniques (e.g., via sqlmap), the attacker exfiltrates wp_users password hashes and secret keys row by row, then attempts offline cracking or session hijacking to escalate to administrator. |
| Remediation | No vendor-released patch identified at time of analysis from the provided data; consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-35-sql-injection-vulnerability and upgrade to any release later than 3.35 once the maintainer publishes a fix on the WordPress.org plugin page. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify WordPress installations using David Lingren Media Library Assistant ≤3.35; prioritize sites with multi-author configurations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37895
GHSA-q46q-2v7c-wpch