CVE-2023-4634

CRITICAL EXPLOITED NUCLEI LAB

Media Library Assistant <3.09 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-4634 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Florent MONTEL, Patrowl, Evillm. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated remote file inclusion (LFI) and potential remote code execution (RCE) in the Media Library Assistant WordPress plugin (< 3.10) via Imagick SVG conversion. It leverages a malicious SVG file hosted on an FTP server to trigger file disclosure or RCE depending on Imagick configuration.

Description

The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible.

Exploits (3)

exploitdb WORKING POC
by Florent MONTEL · textwebappsphp
https://www.exploit-db.com/exploits/51737

This exploit demonstrates an unauthenticated remote file inclusion (LFI) and potential remote code execution (RCE) in the Media Library Assistant WordPress plugin (< 3.10) via Imagick SVG conversion. It leverages a malicious SVG file hosted on an FTP server to trigger file disclosure or RCE depending on Imagick configuration.

Classification
Working Poc 90%
Attack Type
Rce | Lfi
Complexity
Moderate
Reliability
Reliable
Target: Media Library Assistant WordPress Plugin < 3.10
No auth needed
Prerequisites: FTP server hosting malicious SVG files · Imagick installed on target with permissive policy.xml
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 46 stars
by Patrowl · remote
https://github.com/Patrowl/CVE-2023-4634

This repository contains a functional exploit for CVE-2023-4634, targeting an unauthenticated RCE vulnerability in the Media-Library-Assistant WordPress plugin (versions < 3.10). The exploit leverages SVG/MSL polyglot files and PNG/PHP polyglot generation to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Media-Library-Assistant WordPress plugin < 3.10
No auth needed
Prerequisites: Target URL · Remote FTP/HTTP server for file storage · Web server path on victim · PHP payload
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by Evillm · poc
https://github.com/Evillm/CVE-2023-4634-PoC

This repository contains a functional exploit PoC for CVE-2023-4634, targeting the WordPress Media Library Assistant plugin < 3.10. It includes a Dockerized vulnerable environment and a scanner that confirms RCE via a pre-placed web shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WordPress Media Library Assistant plugin < 3.10
No auth needed
Prerequisites: Docker · Python 3.7+ · Target running vulnerable WordPress plugin
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion
CRITICALVERIFIEDby Pepitoh,ritikchaddha
Shodan: http.html:wp-content/plugins/media-library-assistant
FOFA: body=wp-content/plugins/media-library-assistant

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.9206
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull wordpress:6.3-php8.2-apache

Details

VulnCheck KEV 2023-12-04
CWE
CWE-73
Status published
Products (2)
davidlingren/media_library_assistant < 3.10
dglingren/Media Library Assistant < 3.09
Published Sep 06, 2023
Tracked Since Feb 18, 2026