CVE-2023-0285

Published Feb 21, 2023

Last updated a year ago

Overview

Description: The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
Source: contact@wpscan.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:devowl:real_media_library:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD510822-D54D-4D33-8B8B-68C8EE7656E1",
            "versionEndExcluding": "4.18.29"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References