CVE-2023-4634 Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution

🗓️ 06 Sep 2023 08:27:50Reported by WordfenceType

Media Library Assistant plugin for WordPress vulnerability to Local File Inclusion and Remote Code Execution

Reporter	Title	Published	Views	Family All 20
GithubExploit	Exploit for CVE-2023-4634	4 Feb 202617:59	–	githubexploit
GithubExploit	Exploit for CVE-2023-4634	5 Sep 202307:44	–	githubexploit
0day.today	Wordpress Media Library Assistant Plugin - Remote Code Execution / Local File Inclusion Exploit	9 Oct 202300:00	–	zdt
BDU FSTEC	The vulnerability of the Imagick() function (~/includes/mla-stream-image.php) of the Media Library Assistant plugin of the WordPress content management system allows a hacker to execute arbitrary code.	11 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-4634	5 Sep 202311:57	–	circl
CNNVD	WordPress plugin Media Library Assistant security vulnerability	6 Sep 202300:00	–	cnnvd
CVE	CVE-2023-4634	6 Sep 202308:27	–	cve
Exploit DB	Media Library Assistant Wordpress Plugin - RCE and LFI	9 Oct 202300:00	–	exploitdb
Nuclei	Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion	12 Jun 202603:02	–	nuclei
NVD	CVE-2023-4634	6 Sep 202309:15	–	nvd

[
  {
    "vendor": "dglingren",
    "product": "Media Library Assistant",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.09",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
patrowl	www.patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/
plugins	www.plugins.trac.wordpress.org/changeset
github	www.github.com/Patrowl/CVE-2023-4634/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf
packetstormsecurity	www.packetstormsecurity.com/files/174508/wpmla309-lfiexec.tgz

08 Apr 2026 16:33Current

10High risk

Vulners AI Score10

CVSS 3.19.8

EPSS0.92062

CWE-73