{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/media-library-assistant-plugin-for-wordpress--3.35/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-6075"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Media Library Assistant plugin for WordPress \u003c= 3.35"],"_cs_severities":["medium"],"_cs_tags":["wordpress","csrf","plugin"],"_cs_type":"advisory","_cs_vendors":["Wordfence"],"content_html":"\u003cp\u003eThe Media Library Assistant plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) attacks in versions up to and including 3.35. The vulnerability stems from the absence of nonce verification in the bulk action handlers within the plugin\u0026rsquo;s settings tab. An unauthenticated attacker can exploit this weakness by crafting a malicious request that, when triggered by a logged-in administrator, performs actions such as bulk deletion, editing, or purging of plugin settings and attachment metadata. This can lead to data loss, modification of plugin behavior, or other unintended consequences, highlighting the importance of timely patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious HTML page containing a forged request targeting the vulnerable plugin\u0026rsquo;s settings tab handlers.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious HTML page to a WordPress administrator, often via social engineering techniques (e.g., phishing email or malicious link).\u003c/li\u003e\n\u003cli\u003eThe administrator, while logged into the WordPress admin panel, unknowingly visits the attacker-controlled HTML page.\u003c/li\u003e\n\u003cli\u003eThe malicious page automatically sends the forged request to the WordPress server, impersonating the administrator. This request targets a bulk action handler, such as those responsible for deleting attachment metadata.\u003c/li\u003e\n\u003cli\u003eDue to the lack of nonce verification, the WordPress server processes the forged request as if it originated from the administrator.\u003c/li\u003e\n\u003cli\u003eThe targeted bulk action is executed, leading to the deletion, editing, or purging of plugin settings and attachment metadata, depending on the specific forged request.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves the objective of manipulating the plugin settings or attachment metadata without direct authentication.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability can lead to unauthorized modification or deletion of Media Library Assistant plugin settings and associated attachment metadata. This could result in disruption of website functionality, data loss, or exposure of sensitive information. The scope of the impact depends on the specific actions the attacker is able to trigger via the forged request. Given the wide adoption of WordPress and its plugin ecosystem, a successful exploit could affect numerous websites.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Media Library Assistant plugin to the latest version, which includes a fix for CVE-2026-6075.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect WordPress Media Library Assistant CSRF Attempt\u003c/code\u003e to monitor for potential exploitation attempts targeting the vulnerable plugin.\u003c/li\u003e\n\u003cli\u003eEducate WordPress administrators about the risks of CSRF attacks and the importance of avoiding suspicious links or websites.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T09:18:39Z","date_published":"2026-05-29T09:18:39Z","id":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-mla-csrf/","summary":"The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery (CVE-2026-6075) due to missing nonce verification, allowing unauthenticated attackers to trick an administrator into performing unauthorized bulk actions.","title":"Media Library Assistant WordPress Plugin vulnerable to CSRF (CVE-2026-6075)","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-mla-csrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Media Library Assistant Plugin for WordPress \u003c= 3.35","version":"https://jsonfeed.org/version/1.1"}