The plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names.
CPE | Name | Operator | Version |
---|---|---|---|
real-media-library-lite | lt | 4.14.2 |