Title: Vulnerability Alert Last modified: December 9, 2025 --- # Vulnerability Alert * Resolved [Mark Howells-Mead](https://wordpress.org/support/users/markhowellsmead/) * (@markhowellsmead) * [4 months ago](https://wordpress.org/support/topic/vulnerability-alert-3/) * The following security problem has been issued for this plugin. * > Broken Access Control vulnerability discovered by Certus Cybersecurity in WordPress > Plugin Media Library Assistant (versions <= 3.30) Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [David Lingren](https://wordpress.org/support/users/dglingren/) * (@dglingren) * [4 months ago](https://wordpress.org/support/topic/vulnerability-alert-3/#post-18749829) * Thanks for your report. I am aware of this notification and have asked Patchstack for the original report so I can investigate further and resolve the problem. I will post an update here when I have progress to report. * Plugin Author [David Lingren](https://wordpress.org/support/users/dglingren/) * (@dglingren) * [4 months ago](https://wordpress.org/support/topic/vulnerability-alert-3/#post-18752630) * Thanks for your patience. Further investigation revealed that this vulnerability was reported to me back in September. I developed a patch to correct it, and this was part of MLA v3.30 released on October 19. I made some sort of mistake in reporting the fix back to Patchstack, and I regret the confusion. I am working with them to clear that up now. Rest assured the fix is part of the current MLA version. * I will mark this topic resolved when I have straightened things out with Patchstack and WordFence. * Plugin Author [David Lingren](https://wordpress.org/support/users/dglingren/) * (@dglingren) * [3 months, 2 weeks ago](https://wordpress.org/support/topic/vulnerability-alert-3/#post-18768071) * Please see this related topic for more information: * [Broken Access Control vulnerability (<= 3.3.0) | WordPress.org](https://wordpress.org/support/topic/broken-access-control-vulnerability-3-3-0/) * Thank you. * Plugin Author [David Lingren](https://wordpress.org/support/users/dglingren/) * (@dglingren) * [2 months, 2 weeks ago](https://wordpress.org/support/topic/vulnerability-alert-3/#post-18800629) * I am happy to report that WordFence has validated the patch I added to MLA v3.30 and updated their report, which you can see here: * [Media Library Assistant <= 3.29 – Missing Authorization](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/media-library-assistant/media-library-assistant-330-missing-authorization) * I assume that Patchstack will validate the patch and update their database eventually. * I have released MLA v3.31, which contains the patch and several other updates. I am marking this topic resolved, but please update it if you have any questions about the patch. Thank you for your patience! Viewing 4 replies - 1 through 4 (of 4 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fvulnerability-alert-3%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/media-library-assistant/assets/icon-256x256.png?rev=973502) * [Media Library Assistant](https://wordpress.org/plugins/media-library-assistant/) * [Frequently Asked Questions](https://wordpress.org/plugins/media-library-assistant/#faq) * [Support Threads](https://wordpress.org/support/plugin/media-library-assistant/) * [Active Topics](https://wordpress.org/support/plugin/media-library-assistant/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/media-library-assistant/unresolved/) * [Reviews](https://wordpress.org/support/plugin/media-library-assistant/reviews/) * 7 replies * 2 participants * Last reply from: [David Lingren](https://wordpress.org/support/users/dglingren/) * Last activity: [2 months, 2 weeks ago](https://wordpress.org/support/topic/vulnerability-alert-3/#post-18800629) * Status: resolved