The Media Library Assistant plugin for WordPress permits unauthenticated readers to fetch data from the mla-stream-image.php endpoint. This allows an attacker to retrieve the contents of any .ai, .eps, .pdf, or .ps file stored on the server, exposing potentially sensitive information. The vulnerability stems from improper validation of file names (CWE‑73), resulting in a limited read of file contents rather than full file system traversal. The confidentiality of files residing on the host is therefore at risk, though there is no direct impact on integrity or availability. This flaw is limited to readers, so only individuals who can reach the vulnerable URL are affected.

WordPress sites running the Media Library Assistant plugin by dglingren, versions 3.29 and earlier. The flaw exists in all builds up to and including 3.29, regardless of other plugins or themes.

The CVSS v3 score of 5.3 indicates a moderate severity. The EPSS score of less than 1 % signals a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers would initiate the exploit by sending an unauthenticated HTTP request to mla-stream-image.php with a crafted file path. No privilege escalation or authentication is required, so the risk is confined to the ability to read files of those types stored on the web server. Given the low EPSS score, the overall risk to exposed sites remains moderate, but any sensitive documents stored in the targeted formats could be accessed by an attacker who discovers the CMS over the network.