CVE-2023-0285

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:devowl:real_media_library:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:36

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348 - Exploit, Third Party Advisory

07 Nov 2023, 04:00

Type Values Removed Values Added
CWE CWE-79

Information

Published : 2023-02-21 09:15

Updated : 2024-11-21 07:36


NVD link : CVE-2023-0285

Mitre link : CVE-2023-0285

CVE.ORG link : CVE-2023-0285


JSON object : View

Products Affected

devowl

  • real_media_library
CWE

No CWE.