VYPR

Moving Media Library

by WordPress

Source repositories

CVEs (2)

  • CVE-2024-13897MedMar 6, 2025
    risk 0.35cvss 6.5epss 0.01

    The Moving Media Library plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the generate_json_page function in all versions up to, and including, 1.22. This makes it possible for authenticated attackers, with…

  • CVE-2023-0285MedFeb 21, 2023
    risk 0.35cvss 5.4epss 0.00

    The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.