Lucene search
Bipul Jaiswal from SecureLayer7WPEX-ID:ADF09E29-BAF5-4426-A281-6763C107D348HistoryJan 30, 2023 - 12:00 a.m.
Real Media Library < 4.18.29 - Author+ Stored XSS
2023-01-3000:00:00
Bipul Jaiswal from SecureLayer7
134
media library
stored xss
author role
folder
payload
media
upload
exploit
0.001 Low
EPSS
Percentile
23.5%
The plugin does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
As a user with the author role, go to Media > Library and create a new folder with the following payload: "><img src onerror=alert(/XSS/)>
Then Add a new media (via Media > Add new), select the created folder with the payload, and upload a file, which will trigger the XSS. Any user using the malicious folder to upload files will have the XSS triggerRelated
nvd
nvd
CVE-2023-0285
2023-02-21 09:15:12
cve
cve
CVE-2023-0285
2023-02-21 09:15:12
prion
prion
Cross site scripting
2023-02-21 09:15:00
wpvulndb
wpvulndb
Real Media Library < 4.18.29 - Author+ Stored XSS
2023-01-30 00:00:00
cvelist
cvelist
CVE-2023-0285 Real Media Library < 4.18.29 - Author+ Stored XSS
2023-02-21 08:50:42
wordfence
wordfence