CVE-2021-24899: 
WordPress vulnerability analysis and mitigation

The Media-Tags WordPress plugin through version 3.2.0.2 contains a Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24899. The vulnerability was discovered by Akash Rajendra Patil and publicly disclosed on October 25, 2021. This security issue affects the Labels settings functionality within the plugin, potentially impacting WordPress installations using vulnerable versions of the Media-Tags plugin (WPScan).

The vulnerability stems from improper sanitization and escaping of Labels settings in the plugin. This security flaw exists even when the unfiltered_html capability is disallowed. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating that it requires high privileges and user interaction to exploit (NVD).

When exploited, this vulnerability allows high-privilege users to perform Cross-Site Scripting attacks. The impact is considered medium severity, with potential for limited confidentiality and integrity breaches, though no availability impact has been noted (NVD).

As of the latest reports, there is no known fix available for this vulnerability. Users of the Media-Tags plugin version 3.2.0.2 or earlier should consider implementing additional security controls or evaluating alternative solutions (WPScan).