CVE-2021-24899

CVE-2021-24899: Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Media Tags
Weakness CWE-79 · XSS
Published November 29, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htnl capability is disallowed.

Key dates

02Disclosure timeline

November 29, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-1612 Edimax BR-6288ACL wireless5g_basic.asp cross site scripting CVE-2025-48097 WordPress WSAnalytics plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2026-27639 Mercator vulnerable to stored XSS via unescaped Blade directives in display templates CVE-2024-1235 Elementor Addons by Livemesh <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-50516 WordPress Countdown & Clock plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability