CVE-2026-34885

WordPress Media LIbrary Assistant plugin <= 3.34 - SQL Injection vulnerability

CVSS 8.5 HIGHEPSS 1.7%CWE-89

Vexday Risk Score

36Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.5EPSS 1.7%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

06 Apr 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Affected products

David Lingren · Media LIbrary Assistant

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://patchstack.com/database/wordpress/plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-34-sql-injection-vulnerability?_s_id=cve