21 matches found
CVE-2026-43533
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
CVE-2026-43533
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
CVE-2026-43533 OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
CVE-2026-43533
OpenClaw prior to 2026.4.10 is affected by an arbitrary local file read via QQBot media tags. The root cause is improperly handling media tags that reference host-local paths outside the media storage boundary, allowing disclosure of arbitrary local files through outbound media handling. Impact i...
CVE-2026-43533
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
CVE-2026-43533 OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
EUVD-2026-27277
OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers can craft malicious reply text containing media tags to disclose arbitrary local files through...
GHSA-66R7-M7XM-V49H OpenClaw: QQBot media tags could read arbitrary local files through reply text
Summary QQBot media tags could read arbitrary local files through reply text. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: < 2026.4.10 Impact QQBot outbound media tags in AI reply text could reference host-local paths outside the intended media storage...
PT-2026-37018
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description An arbitrary file read issue exists in QQBot media tags. Attackers can craft malicious reply text containing media tags to reference host-local paths outside the intended media storage boundary,...
CVE-2021-24899
The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin cross-site scripting vulnerability (CNVD-2021-102400)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source WordPress application plugin. A cross-site scripting vulnerability exists in the...
CVE-2021-24899
The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24899
The CVE-2021-24899 relates to the WordPress Media-Tags plugin (
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is an open source WordPress application plugin. A cross-site scripting vulnerability exists in the...
Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. https://drive.google.com/file/d/1ZXIS-q2fzZhRhTyHpHEzxcZ2Shl4Up2/view?usp=sharing Put the...
WordPress Media Tags plugin <= 3.2.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Akash Rajendra Patil in WordPress Media Tags plugin versions <= 3.2.0.2. Solution Deactivate and delete. This plugin has been closed as of October 25, 2021 and is not available for download. This closure is temporary, pending a full revie...
WordPress Media-Tags 3.2.0.2 Cross Site Scripting
Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/media-tags/ Software Link: www.codehooligans.com/projects/wordpress/media-tags/ Version: 3.2.0.2 Tested on...
Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC https://drive.google.com/file/d/1ZXIS-q2fzZhRhTyHpHEzxcZ2Shl4Up2/view?usp=sharing Put the...
WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/media-tags/ Software Link: www.codehooligans.com/projects/wordpress/media-tags/ Version: 3.2.0.2 Tested on...
WordPress Media-Tags 3.2.0.2 Plugin - Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting XSS Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/media-tags/ Software Link: www.codehooligans.com/projects/wordpress/media-tags/ Version: 3.2.0.2 Tested on Windows How to...