Real Media Library < 4.18.29 – Author+ Stored XSS | CVE 2023-0285 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

As a user with the author role, go to Media > Library and create a new folder with the following payload: "><img src onerror=alert(/XSS/)>

Then Add a new media (via Media > Add new), select the created folder with the payload, and upload a file, which will trigger the XSS. Any user using the malicious folder to upload files will have the XSS trigger

Affects Plugins

real-media-library-lite

Fixed in 4.18.29

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Bipul Jaiswal from SecureLayer7

Submitter

Bipul Jaiswal from SecureLayer7

Submitter website

https://securelayer7.net

Submitter twitter

Verified

Yes

WPVDB ID

adf09e29-baf5-4426-a281-6763c107d348

Timeline

Publicly Published

2023-01-30 (about 2 years ago)

Added

2023-01-30 (about 2 years ago)

Last Updated

2023-01-30 (about 2 years ago)

Other

Published

Title

Published

2021-06-30

Title

TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2025-12-11

Title

评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

Published

2021-12-27

Title

Registration Magic < 5.0.1.9 - Reflected Cross-Site Scripting

Published

2025-10-12

Title

TheGem (Elementor) < 5.10.5.2 - Unauthenticated Stored Cross-Site Scripting

Published

2024-04-25

Title

Newsletter Popup <= 1.2 - Admin+ Stored XSS