CVE Vulnerability

CVE-2023-0253

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://devowlio.gitbook.io/changelogs/wordpress-plugins/real-media-library Release Notes Vendor Advisory
https://wordpress.org/plugins/real-media-library-lite/ Product Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:devowl:wordpress_real_media_library:*:*:*:*:*:wordpress:*:*
Information

Published : 2023-02-02 09:22

Updated : 2023-02-09 09:44

NVD link : CVE-2023-0253

Mitre link : CVE-2023-0253

Products Affected

Devowl

Wordpress Real Media Library

CWE
CWE-79