cleantalk
Vulnerabilities and Security Researches

WP MediaTagger, CVE-2024-13112

CVE, Research URL

CVE-2024-13112

Home page URL

Security reports for WP MediaTagger

Application

WP MediaTagger

Published on
Jan 31, 2025
Research Description
The WP MediaTagger WordPress plugin through 4.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
max 4.1.1.
Status
vulnerable
Previous vulnerability researches
WP MediaTagger (CVE-2024-13101) , Jan 16, 2025
WP MediaTagger (CVE-2024-13112) , Jan 16, 2025
New vulnerability
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026