Media-Tags <= 3.2.0.2 – Admin+ Stored Cross-Site Scripting | CVE 2021-24899 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htnl capability is disallowed.

Proof of Concept

https://drive.google.com/file/d/1ZXIS-q2fzZhRhTyHpHEzxc_Z2Shl4Up2/view?usp=sharing

Put the following payload in any of the Media-Tags Labels settings (/wp-admin/admin.php?page=mediatags_settings_panel): "><img src=x onerror=confirm(/XSS/)>

Affects Plugins

No known fix

References

CVE

Exploitdb

URL

https://packetstormsecurity.com/files/#164626/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Akash Rajendra Patil

Submitter

Akash Rajendra Patil

Submitter website

https://akashpatil.me

Submitter twitter

Verified

Yes

WPVDB ID

cf4b266c-d68e-4add-892a-d01a31987a4b

Timeline

Publicly Published

2021-10-25 (about 4 years ago)

Added

2021-10-26 (about 4 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2025-02-21

Title

WPYog Documents < 1.3.6 - Reflected Cross-Site Scripting

Published

2025-05-09

Title

FunnelCockpit < 1.4.4 - Reflected Cross-Site Scripting

Published

2023-02-02

Title

Multi-column Tag Map < 17.0.25 - Contributor+ Stored XSS

Published

2024-04-05

Title

Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode

Published

2025-10-03

Title

Contest Gallery – Upload, Vote & Sell with PayPal and Stripe < 27.0.3 - Authenticated (Author+) Stored Cross-Site Scripting