CVE-2024-2328

Name of the Vulnerable Software and Affected Versions The Real Media Library: Media Library Folder & File Manager plugin for WordPress versions prior to 4.22.12

Description The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the image title and alt text. This allows authenticated attackers with author access or higher to inject arbitrary web scripts in pages, which will execute when a user accesses the injected page.

Recommendations For versions prior to 4.22.12, update to version 4.22.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the image title and alt text fields to minimize the risk of exploitation.