The Media Library Assistant plugin for WordPress is vulnerable
to Local File Inclusion and Remote Code Execution in versions up
to, and including, 3.09. This is due to insufficient controls on
file paths being supplied to the 'mla_stream_file' parameter from
the ~/includes/mla-stream-image.php file, where images are
processed via Imagick(). This makes it possible for unauthenticated
attackers to supply files via FTP that will make directory lists,
local file inclusion, and remote code execution possible.
(CVSS:9.8) (EPSS:5.69%) (Last Update:2023-09-11 13:29:41)
Read more https://www.cvedetails.com/cve/CVE-2023-4634/?utm_source=rssfeed