Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-13340

The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published

2025-01-23T12:15:27.890

Last Modified

2025-01-31T16:02:16.553

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pluginus	meta_data_and_taxonomies_filter	< 1.3.3.7	Yes

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224186%40wp-meta-data-filter-and-taxonomy-filter&new=3224186%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail= Patch ([email protected])
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226055%40wp-meta-data-filter-and-taxonomy-filter&new=3226055%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail= Patch ([email protected])
https://wordpress.org/plugins/wp-meta-data-filter-and-taxonomy-filter/ Product ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/fcaeae5b-4047-4f09-8197-6ce2c21cc812?source=cve Third Party Advisory ([email protected])