CVE-2025-63065 WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability

🗓️ 09 Dec 2025 14:52:34Reported by PatchstackType

WordPress Media Library Assistant plugin suffers broken access control via user controlled key enabling auth bypass up to 3.30.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-63065	9 Dec 202514:52	–	attackerkb
Circl	CVE-2025-63065	9 Dec 202515:27	–	circl
CNNVD	WordPress plugin Media Library Assistant 安全漏洞	9 Dec 202500:00	–	cnnvd
CVE	CVE-2025-63065	9 Dec 202514:52	–	cve
EUVD	EUVD-2025-201964	9 Dec 202518:30	–	euvd
NVD	CVE-2025-63065	9 Dec 202516:18	–	nvd
Patchstack	WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability	9 Oct 202505:27	–	patchstack
Positive Technologies	PT-2025-50065	9 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-63065	10 Dec 202515:13	–	redhatcve
Vulnrichment	CVE-2025-63065 WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability	9 Dec 202514:52	–	vulnrichment

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "media-library-assistant",
    "product": "Media LIbrary Assistant",
    "vendor": "David Lingren",
    "versions": [
      {
        "changes": [
          {
            "at": "3.30",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.29",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-30-broken-access-control-vulnerability

28 Apr 2026 16:14Current

CVSS 3.15.3

EPSS0.00314

CWE-639