2 matches found
CVE-2024-13112
The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13112
WP MediaTagger WordPress plugin vulnerability CVE-2024-13112: Reflected XSS in 4.1.1 and earlier where a parameter is not sanitized/escaped before echoing in the page. Could affect admin/high-privilege users. Connected documents confirm the issue but do not publicly specify a patch/version beyond...