3 matches found
CVE-2024-13101
The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-13101 WP MediaTagger <= 4.1.1 - Contributor+ Stored XSS
The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-13101
CVE-2024-13101 affects the WordPress plugin WP MediaTagger (versions up to 4.1.1). The vulnerability arises because shortcode attributes are not properly validated or escaped before they are output on the page, enabling a Stored Cross-Site Scripting (XSS) attack for users with the contributor rol...