Security for everyone

CVE-2023-4634 Scanner

Detects the Local File Inclusion (LFI) vulnerability in the Media Library Assistant plugin for WordPress, which affects versions before 3.09.


Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url
Toolbox: -

Media Library Assistant (MLA) is a popular WordPress plugin that provides enhanced multimedia management capabilities to users. Through the MLA plugin, users can easily manage, upload, and organize images, videos, audio files, and other multimedia content within the WordPress media library. With its intuitive interface and advanced features, MLA has become a go-to plugin for many WordPress developers and users.

However, a critical vulnerability, CVE-2023-4634, has been discovered in the MLA plugin. It is caused by insufficient controls on the file paths supplied to the 'mla_stream_file' parameter in the ~/includes/mla-stream-image.php file. As a result, unauthenticated attackers can perform local file inclusion and remote code execution: they can remotely execute arbitrary code on the server, potentially leading to data theft and website defacement.
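Added example (not from the original page or the scanner's own code): a Python check over web server access logs that flags requests passing 'mla_stream_file' to mla-stream-image.php. The combined log format, the constructed sample lines, and the rule that a URL scheme or ".." path segment marks a request as high severity are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/includes/mla-stream-image.php"  # file named in the text above
PARAM = "mla_stream_file"                    # parameter named in the text above

# Apache/nginx combined log format: ip, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')
# Assumption of this example: a URL scheme or a ".." path segment in the
# parameter value is never legitimate and marks the request as high severity.
SUSPICIOUS_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://|(^|[\\/])\.\.([\\/]|$)', re.I)

def classify(line):
    """Return a finding dict for requests that pass PARAM to ENDPOINT, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith(ENDPOINT):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    if not values:
        return None
    # parse_qs decodes once; decode a second time to catch double encoding.
    flagged = any(SUSPICIOUS_RE.search(unquote(v)) for v in values)
    return {"ip": ip, "time": ts, "status": int(status), "values": values,
            "severity": "high" if flagged else "review"}

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, made-up paths).
PLUGIN = "/wp-content/plugins/media-library-assistant" + ENDPOINT
SAMPLE_LOG = [
    f'192.0.2.10 - - [12/Sep/2023:10:00:01 +0000] "GET {PLUGIN}?{PARAM}=%2Fvar%2Fwww%2Fuploads%2Fdoc.pdf HTTP/1.1" 200 5120',
    f'203.0.113.7 - - [12/Sep/2023:10:00:05 +0000] "GET {PLUGIN}?{PARAM}=..%2F..%2Fetc%2Fhostname HTTP/1.1" 200 64',
    f'203.0.113.7 - - [12/Sep/2023:10:00:06 +0000] "GET {PLUGIN}?{PARAM}=..%252F..%252Fetc%252Fhostname HTTP/1.1" 200 64',
    f'203.0.113.8 - - [12/Sep/2023:10:00:09 +0000] "GET {PLUGIN}?{PARAM}=example-scheme%3A%2F%2Fhost.invalid%2Ffile HTTP/1.1" 500 0',
    '192.0.2.11 - - [12/Sep/2023:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"], finding["ip"], finding["values"])
```

Findings marked "review" are requests that reach the endpoint with the parameter but match neither pattern; on a site still running a version before 3.09 they are worth checking by hand.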

When the CVE-2023-4634 vulnerability in the MLA plugin is exploited, the consequences can be devastating. An attacker can upload malicious files that enable them to access and manipulate sensitive information stored on the server, including customer data and login credentials, which can be used in identity theft or other malicious activities. Additionally, an attacker can use the vulnerability to deface the website, destroying its credibility and reputation.

For those who want to quickly and easily learn about vulnerabilities in their digital assets, the pro features of the securityforeveryone.com platform provide an effective solution. By using this platform, users gain access to a robust suite of tools and features that can help identify and mitigate vulnerabilities in their digital assets, including WordPress plugins like the MLA plugin. With securityforeveryone.com, users can rest easy knowing that their digital assets are protected against the latest threats and vulnerabilities.

 
