
CVE-2025-8357: CWE-862 Missing Authorization in dglingren Media Library Assistant

Severity: Medium
Tags: Vulnerability, CVE-2025-8357, CWE-862
Published: Tue Aug 19 2025 (08/19/2025, 04:26:02 UTC)
Source: CVE Database V5
Vendor/Project: dglingren
Product: Media Library Assistant

Description

The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in the _process_mla_download_file function in all versions up to, and including, 3.27. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server from the /wp-content/uploads/ directory.

AI-Powered Analysis

AI analysis last updated: 08/19/2025, 05:02:47 UTC

Technical Analysis

CVE-2025-8357 is a medium-severity vulnerability affecting the Media Library Assistant plugin for WordPress, developed by dglingren. This vulnerability arises from missing authorization checks (CWE-862) in the _process_mla_download_file function, which is responsible for handling file downloads within the plugin. Specifically, the plugin fails to properly validate file paths and verify user capabilities before allowing file deletion operations in the /wp-content/uploads directory. As a result, any authenticated user with Author-level privileges or higher can exploit this flaw to delete arbitrary files within the uploads directory on the server. This vulnerability affects all versions of the plugin up to and including version 3.27. The CVSS v3.1 base score is 4.3, reflecting a medium severity rating, with an attack vector of network (remote), low attack complexity, requiring privileges (Author-level or above), no user interaction, and limited impact on availability only (no confidentiality or integrity impact). There are no known exploits in the wild at the time of publication, and no official patches have been released yet. The vulnerability could be leveraged by malicious insiders or compromised accounts to disrupt website operations by deleting media files, potentially causing denial of service or content loss. However, the scope is limited to the /wp-content/uploads directory, and exploitation requires authenticated access with Author or higher privileges, which limits the attack surface somewhat.
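The two checks the analysis describes as missing, shown in a hypothetical hardened deletion handler written for this page; it is not the Media Library Assistant plugin's code nor its eventual patch. It assumes a request parameter `mla_file`, a nonce action `mla_example_delete_file`, the `manage_options` capability as the gate, and the standard WordPress runtime APIs (`wp_upload_dir`, `current_user_can`, `check_admin_referer`, `wp_delete_file`).

```php
<?php
// Hypothetical hardened file-deletion handler (example for this page, not
// the plugin's own code). It adds the two checks CVE-2025-8357 describes as
// missing: a user capability check and a path validation that confines the
// target to the uploads directory.

/**
 * Resolve a user-supplied relative path to an absolute path inside the
 * uploads base directory, or return null if it escapes or does not exist.
 */
function mla_example_resolve_upload_path( string $requested ): ?string {
    $base = realpath( wp_upload_dir()['basedir'] );
    if ( false === $base ) {
        return null;
    }
    // realpath() collapses "../" segments and symlinks, and returns false
    // for paths that do not exist, so traversal tricks cannot survive it.
    $target = realpath( $base . DIRECTORY_SEPARATOR . ltrim( $requested, '/\\' ) );
    if ( false === $target || $target === $base ) {
        return null;
    }
    // Accept only paths strictly below $base; the prefix includes the
    // separator so "/uploads-other" does not match "/uploads".
    if ( 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
        return null;
    }
    return $target;
}

/**
 * Handler entry point: authorize, verify the request nonce, validate the
 * path, and only then delete.
 */
function mla_example_handle_delete(): void {
    // Capability check. 'manage_options' (administrators) is an assumption
    // for this example; Author-level users must not pass this gate.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check; the nonce action name is an assumption for this example.
    check_admin_referer( 'mla_example_delete_file' );

    $requested = isset( $_REQUEST['mla_file'] ) ? (string) wp_unslash( $_REQUEST['mla_file'] ) : '';
    $path      = mla_example_resolve_upload_path( $requested );
    if ( null === $path || ! is_file( $path ) ) {
        wp_die( 'Invalid file path', '', array( 'response' => 400 ) );
    }
    wp_delete_file( $path );
}
```

The path check alone would still let any Author delete any upload, and the capability check alone would still allow traversal out of the uploads tree; both are needed, which is why the advisory names both.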

Potential Impact

For European organizations using WordPress with the Media Library Assistant plugin, this vulnerability could lead to targeted disruption of website content management. Deletion of files in the uploads directory can result in broken media links, loss of images, documents, or other uploaded assets critical for business operations, marketing, or customer engagement. While the vulnerability does not directly compromise confidentiality or integrity of data, the availability impact could degrade user experience and damage organizational reputation. Organizations relying heavily on WordPress for e-commerce, publishing, or public-facing services may face operational downtime or require costly recovery efforts. Additionally, attackers with Author-level access could use this vulnerability as part of a broader attack chain to weaken site defenses or prepare for further exploitation. Given the widespread use of WordPress in Europe, especially among SMEs and public sector websites, the impact could be significant if exploited at scale. However, the requirement for authenticated access and the medium severity rating reduce the likelihood of widespread automated exploitation.

Mitigation Recommendations

European organizations should take immediate steps to mitigate this vulnerability beyond generic advice. First, restrict Author-level and higher privileges strictly to trusted users and regularly audit user roles and permissions to minimize the risk of insider threats or compromised accounts. Implement multi-factor authentication (MFA) for all WordPress user accounts with elevated privileges to reduce the risk of unauthorized access. Monitor and log file deletion activities within the /wp-content/uploads directory to detect suspicious behavior early. Until an official patch is released, consider temporarily disabling or removing the Media Library Assistant plugin if it is not critical to operations. Alternatively, apply virtual patching via Web Application Firewalls (WAFs) to block suspicious requests targeting the _process_mla_download_file function or anomalous file deletion attempts. Regularly back up the uploads directory and WordPress site to enable rapid restoration in case of file deletion. Finally, stay informed about updates from the plugin vendor and apply security patches promptly once available.


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-07-30T13:56:59.477Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68a401efad5a09ad00f237be

Added to database: 8/19/2025, 4:47:43 AM

Last enriched: 8/19/2025, 5:02:47 AM

Last updated: 8/19/2025, 6:42:42 AM
