Devowl Devowl

  1. Vendors
  2. Devowl

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Devowl product.

RSS Feeds for Devowl security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Devowl products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Devowl Sorted by Most Security Vulnerabilities since 2018

Devowl Real Media Library3 vulnerabilities

Devowl Wordpress Real Cookie Banner3 vulnerabilities

Devowl Wordpress Real Media Library2 vulnerabilities

Devowl Real Cookie Banner1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Devowl. Last year, in 2025 Devowl had 2 security vulnerabilities published. Right now, Devowl is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 2 6.80
2024 2 6.40
2023 2 5.40
2022 1 6.50
2021 1 5.40

It may take a day or so for new Devowl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Devowl Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-12136 Oct 24, 2025
Real Cookie Banner WP Plugin SSRF before v5.2.4 /scanner/scan-without-login The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.2.4. This is due to insufficient validation on the user-supplied URL in the '/scanner/scan-without-login' REST API endpoint. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services via the `url` parameter.
Real Cookie Banner
CVE-2025-1485 Jun 02, 2025
Real Cookie Banner WP Plugin <5.1.6 – Stored XSS via unsanitised settings The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Wordpress Real Cookie Banner
CVE-2024-2328 May 02, 2024
WP Real Media Library 4.22.11 XSS via image title/alt The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image title and alt text in all versions up to, and including, 4.22.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Real Media Library
CVE-2024-2027 Apr 09, 2024
WordPress RMML <=4.22.7 Stored XSS via Style Attr The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its style attributes in all versions up to, and including, 4.22.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Real Media Library
CVE-2023-0285 Feb 21, 2023
Real Media Library WP <4.18.29: Unescaped Folder Names Enable Stored XSS The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
Real Media Library
CVE-2022-4507 Jan 16, 2023
WP Real Cookie Banner <3.4.10 XSS via unescaped shortcode attributes The Real Cookie Banner WordPress plugin before 3.4.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
Wordpress Real Cookie Banner
CVE-2022-0445 Mar 07, 2022
The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack
Wordpress Real Cookie Banner
CVE-2021-34668 Aug 30, 2021
The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which allows author-level attackers to inject arbitrary web scripts in folder names, in versions up to and including 4.14.1.
Wordpress Real Media Library
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.