Description
The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htnl capability is disallowed.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-11811 | The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htnl capability is disallowed. |
References
History
No history.
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-03T19:49:13.962Z
Reserved: 2021-01-14T00:00:00.000Z
Link: CVE-2021-24899
No data.
Status : Modified
Published: 2021-11-29T09:15:07.860
Modified: 2026-06-17T03:41:05.997
Link: CVE-2021-24899
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD