WordPress Media-Tags plugin version 220.127.116.11 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: WordPress Plugin Media-Tags 18.104.22.168 - Stored Cross-Site Scripting (XSS)
# Date: 25-10-2021
# Exploit Author: Akash Rajendra Patil
# Vendor Homepage: https://wordpress.org/plugins/media-tags/
# Software Link: www.codehooligans.com/projects/wordpress/media-tags/
# Version: 22.214.171.124
# Tested on Windows
*How to reproduce vulnerability:*
1. Install Latest WordPress
2. Install and activate Media-Tags <= 126.96.36.199
3. Navigate to Add Table >> add the payload into 'Media Tag Label Fields' and enter the data into the user input field.
"><img src=x onerror=confirm(docment.domain)>