A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in the WP MediaTagger WordPress plugin versions up to and including 4.1.1. This vulnerability could allow users with the contributor role and above to exploit the plugin's shortcode attributes. In this post, we will discuss the details of this vulnerability, its potential impact, and how to mitigate it.

Vulnerability Overview

The WP MediaTagger WordPress plugin is designed to help users organize their media files and tags, making it easier to manage and navigate through large collections of media files. In versions up to 4.1.1, the plugin does not properly validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is embedded.

This vulnerability can be exploited by users with the contributor role and above, including authors, editors, and administrators. This means that any user with the ability to create or edit posts and pages can perform Stored XSS attacks by injecting malicious code into the affected shortcode attributes.

Here is an example of a WP MediaTagger shortcode with vulnerable attributes:

[mediatagger tag_id="1" tag_label="My Gallery" media_number_per_page="10" media_page="1" media_order_by="ID" media_order="ASC"]

In this example, the tag_label attribute can be exploited for a Stored XSS attack. An attacker could inject malicious code like this:

[mediatagger tag_id="1" tag_label="My Gallery<script>alert('XSS');</script>" media_number_per_page="10" media_page="1" media_order_by="ID" media_order="ASC"]

When the modified shortcode is embedded into a page or a post and viewed by a user, the malicious code (in this case, the JavaScript alert 'XSS') will be executed.

As a result, the attacker could potentially gain unauthorized access to sensitive user data, perform actions on behalf of the user, or even compromise the entire site.

Original References

- CVE (Common Vulnerabilities and Exposures) entry: CVE-2024-13101
- WPScan Vulnerability Database: Entry for WP MediaTagger Stored XSS

Mitigations and Recommendations

If you are using the WP MediaTagger WordPress plugin, it is strongly recommended that you update to the latest version to resolve this vulnerability. The vulnerability has been fixed in version 4.1.2.

Additionally, site administrators should regularly review user accounts and roles, limiting the access and permissions of users who do not require the ability to create or edit content.
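
Updating the plugin does not tell you whether a contributor has already stored markup in a shortcode attribute. The following is an added example, not code from the plugin or from the original advisory: a Python audit that scans post content for mediatagger shortcodes and reports attribute values containing markup. The sample posts are constructed, and the pattern list and the set of numeric attributes are assumptions based on the example shortcode above.

```python
import html
import re

# Finds [mediatagger ...] shortcodes; quoted values are consumed whole so a
# "]" inside a quoted value does not end the match early.
SHORTCODE_RE = re.compile(
    r"""\[mediatagger\b((?:"[^"]*"|'[^']*'|[^\]"'])*)\]""", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]"']+))""")

# Assumption: signals of markup or script inside an attribute value.
SUSPICIOUS = [
    ("html-tag", re.compile(r"<\s*/?\s*[a-z!]", re.IGNORECASE)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("script-uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
]
# Assumption: attributes that hold integers in the advisory's example shortcode.
NUMERIC_ATTRS = {"tag_id", "media_number_per_page", "media_page"}

# Constructed sample post bodies keyed by a made-up post ID.
SAMPLE_POSTS = {
    101: '[mediatagger tag_id="1" tag_label="My Gallery" '
         'media_number_per_page="10" media_page="1" media_order_by="ID" media_order="ASC"]',
    102: '''Intro [mediatagger tag_id="1" tag_label="My Gallery<script>alert('XSS');</script>" media_page="1"]''',
    103: '[mediatagger tag_id="1" tag_label="&lt;script&gt;alert(1)&lt;/script&gt;" media_page="one"]',
}


def audit_post(post_id, content):
    """Return (post_id, attribute, reason, raw_value) for each suspicious attribute."""
    findings = []
    for shortcode in SHORTCODE_RE.finditer(content):
        for m in ATTR_RE.finditer(shortcode.group(1)):
            name = m.group(1).lower()
            raw = next(g for g in m.groups()[1:] if g is not None)
            value = html.unescape(raw)  # values may be stored entity-encoded
            for reason, pattern in SUSPICIOUS:
                if pattern.search(value):
                    findings.append((post_id, name, reason, raw))
            if name in NUMERIC_ATTRS and not value.strip().isdigit():
                findings.append((post_id, name, "non-numeric", raw))
    return findings


if __name__ == "__main__":
    for pid, body in SAMPLE_POSTS.items():
        for finding in audit_post(pid, body):
            print(finding)
```

Run it over the `post_content` of posts and pages exported from the site; a finding is a lead for manual review of that post and its author, not proof of exploitation.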

Conclusion

This post outlined the Stored XSS vulnerability present in the WP MediaTagger WordPress plugin versions up to 4.1.1, the potential impact on your site, and the steps to take in order to mitigate the risk. By updating the plugin, reviewing user roles, and following best security practices, you can ensure the safety of your site and protect it from any potential attacks.

Timeline

Published on: 01/31/2025 06:15:28 UTC
Last modified on: 03/19/2025 17:15:39 UTC