CVE-2026-34885

HIGH NUCLEI

WordPress Media LIbrary Assistant plugin <= 3.34 - SQL Injection vulnerability

Title source: cna

Exploitation Summary

CVE-2026-34885 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIbrary Assistant allows SQL Injection.This issue affects Media LIbrary Assistant: from n/a through 3.34.

Nuclei Templates (1)

WordPress Media Library Assistant <= 3.34 - SQL Injection

HIGHVERIFIEDby theamanrawat

Shodan: http.html:"/wp-content/plugins/media-library-assistant/"

FOFA: body="/wp-content/plugins/media-library-assistant/"

References (1)

Core 1

Core References

Vdb Entry vdb-entry

https://patchstack.com/database/wordpress/plugin/media-library-assistant/vulnerability/wordpress-media-library-assistant-plugin-3-34-sql-injection-vulnerability?_s_id=cve

Scores

CVSS v3 8.5

EPSS 0.0921

EPSS Percentile 92.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

David Lingren/Media LIbrary Assistant < 3.34

Published Apr 06, 2026

Tracked Since Apr 06, 2026