WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)

vendor:

Media-Tags

by:

Akash Rajendra Patil

8.8

CVSS

HIGH

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Media-Tags

Affected Version From: 3.2.0.2

Affected Version To: 3.2.0.2

Patch Exists: Yes

Related CWE:

CPE: a:wordpress:media-tags

Metasploit:

Other Scripts:

Platforms Tested: Windows

2021

WordPress Plugin Media-Tags 3.2.0.2 – Stored Cross-Site Scripting (XSS)

A stored XSS vulnerability exists in the WordPress Plugin Media-Tags version 3.2.0.2. An attacker can inject malicious JavaScript payload into the 'Media Tag Label Fields' user input field, which will be stored in the database. When the same functionality is triggered, the malicious payload will be executed, resulting in a pop-up.

Mitigation:

Update to the latest version of the WordPress Plugin Media-Tags.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)
# Date: 25-10-2021
# Exploit Author: Akash Rajendra Patil
# Vendor Homepage: https://wordpress.org/plugins/media-tags/
# Software Link: www.codehooligans.com/projects/wordpress/media-tags/
# Version: 3.2.0.2
# Tested on Windows

*How to reproduce vulnerability:*

1. Install Latest WordPress

2. Install and activate Media-Tags <= 3.2.0.2
3. Navigate to Add Table >> add the payload into 'Media Tag Label Fields' and enter the data into the user input field.

4. Enter JavaScript payload which is mentioned below
"><img src=x onerror=confirm(docment.domain)>

5. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.