The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Link | Resource |
---|---|
https://devowlio.gitbook.io/changelogs/wordpress-plugins/real-media-library | Release Notes Vendor Advisory |
https://wordpress.org/plugins/real-media-library-lite/ | Product Third Party Advisory |
https://www.wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-02-02T14:38:56.927Z
Updated:
Reserved: 2023-01-12T17:24:16.154Z
Link: CVE-2023-0253
JSON object: View
NVD Information
Status : Modified
Published: 2023-02-02T21:22:47.117
Modified: 2023-11-07T03:59:58.583
Link: CVE-2023-0253
JSON object: View
Redhat Information
No data.
CWE
No CWE.