Feb 21, 2023 - 8:50 a.m.

CVE-2023-0285 Real Media Library < 4.18.29 - Author+ Stored XSS

2023-02-21 08:50:42
WPScan
www.cve.org
cve-2023-0285
real media library
wordpress plugin
stored xss
cross-site scripting

EPSS: 0.001 (Low), percentile 23.5%

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Real Media Library: Media Library Folder & File Manager",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.18.29"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
