Skip to main content

Media Library Assistant EUVDEUVD-2026-37895

| CVE-2026-56012 HIGH
SQL Injection (CWE-89)
2026-06-18 audit@patchstack.com GHSA-q46q-2v7c-wpch
8.5
CVSS 3.1 · Vendor: patchstack
Share

Severity by source

Vendor (patchstack) PRIMARY
8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
vuln.today AI
8.5 HIGH

Network-reachable WordPress endpoint with low-privilege auth (PR:L), no interaction; blind SQLi yields high confidentiality via DB read, scope-changed to WordPress DB, minor availability from query load.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:L/SI:N/SA:N

Primary rating from Vendor (patchstack).

CVSS VectorVendor: patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 18, 2026 - 14:32 vuln.today

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection.

This issue affects Media LIbrary Assistant: from n/a through 3.35.

AnalysisAI

Blind SQL injection in the David Lingren Media Library Assistant WordPress plugin (versions up to and including 3.35) allows authenticated low-privilege users to inject SQL via unsanitized input into a database query, with scope-changed impact reaching the underlying WordPress database. No public exploit identified at time of analysis, but the plugin's wide WordPress deployment footprint and the low privilege bar make this a meaningful risk for multi-author sites. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege WordPress account
Delivery
Identify vulnerable plugin endpoint
Exploit
Inject blind SQL payload in parameter
Execution
Infer database contents via boolean/time oracle
Persist
Exfiltrate wp_users hashes and secrets
Impact
Crack or reuse credentials for admin takeover

Vulnerability AssessmentAI

Exploitation Requires an authenticated WordPress session at a low privilege level (CVSS PR:L - typically Subscriber, Contributor, or Author depending on the vulnerable endpoint) on a site where the Media Library Assistant plugin is installed and active at version 3.35 or earlier. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L yields 8.5 (High): network-reachable, low complexity, requires only a low-privilege authenticated user (e.g., Subscriber/Contributor/Author depending on the affected endpoint), no user interaction, and high confidentiality impact via blind extraction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers or compromises a low-privilege WordPress account on a site running Media Library Assistant <= 3.35, then issues crafted requests to a vulnerable plugin endpoint with SQL payloads in a parameter that is unsafely interpolated into a query. Using boolean- or time-based blind techniques (e.g., via sqlmap), the attacker exfiltrates wp_users password hashes and secret keys row by row, then attempts offline cracking or session hijacking to escalate to administrator.
Remediation No vendor-released patch identified at time of analysis from the provided data; consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-35-sql-injection-vulnerability and upgrade to any release later than 3.35 once the maintainer publishes a fix on the WordPress.org plugin page. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify WordPress installations using David Lingren Media Library Assistant ≤3.35; prioritize sites with multi-author configurations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37895 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy