cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13340,https://securityvulnerability.io/vulnerability/CVE-2024-13340,Stored Cross-Site Scripting Vulnerability in MDTF for WordPress,"The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the 'mdf_results_by_ajax' shortcode. This vulnerability allows authenticated users with contributor-level access or higher to inject arbitrary scripts into web pages. These scripts execute when other users access the compromised pages, potentially leading to session hijacking, data theft, or further site compromises.",Wordpress,Mdtf – Meta Data And Taxonomies Filter,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,false,false,false,2025-01-23T11:13:30.092Z,0
CVE-2024-12030,https://securityvulnerability.io/vulnerability/CVE-2024-12030,SQL Injection Vulnerability in MDTF Plugin for WordPress,"The MDTF – Meta Data and Taxonomies Filter plugin for WordPress suffers from a SQL Injection vulnerability due to inadequate input escaping on the 'key' attribute of the 'mdf_value' shortcode. This flaw allows authenticated attackers with Contributor-level access to inject malicious SQL queries into existing queries. Consequently, attackers could exploit this vulnerability to manipulate database requests, potentially leading to unauthorized data extraction and exposure of sensitive information.",Wordpress,Mdtf – Meta Data And Taxonomies Filter,6.5,MEDIUM,0.0005799999926239252,false,,false,false,false,false,false,false,2025-01-08T04:17:59.363Z,0
CVE-2024-50450,https://securityvulnerability.io/vulnerability/CVE-2024-50450,Code Injection Vulnerability in MDTF Could Allow Attackers to Execute Malicious Code,"A code injection vulnerability exists in the WordPress Meta Data and Taxonomies Filter (MDTF) plugin due to improper control of code generation processes. This vulnerability can allow attackers to inject arbitrary code, potentially compromising the WordPress installation and leading to unauthorized access or loss of data. Affected versions include all prior to 1.3.3.4. Site administrators using these versions should take immediate action to update and mitigate risks associated with this vulnerability.",Wordpress,WordPress Meta Data And Taxonomies Filter (mdtf),9.8,CRITICAL,0.0009299999801442027,false,,false,false,true,true,false,false,2024-10-28T11:28:19.985Z,0
CVE-2024-8623,https://securityvulnerability.io/vulnerability/CVE-2024-8623,Unauthorized Shortcode Execution Vulnerability in MDTF Plugin,"The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is susceptible to a vulnerability that allows unauthenticated attackers to execute arbitrary shortcodes. This occurs due to inadequate validation of user-provided values before invoking the do_shortcode function. As a result, users running versions up to and including 1.3.3.3 are at risk of exploitation, potentially leading to unauthorized actions on their site.",Wordpress,Mdtf – Meta Data And Taxonomies Filter,7.3,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,2024-09-24T02:31:02.434Z,0
CVE-2024-8624,https://securityvulnerability.io/vulnerability/CVE-2024-8624,SQL Injection Vulnerability in MDTF Plugin for WordPress,"The MDTF – Meta Data and Taxonomies Filter plugin for WordPress has a vulnerability that allows for SQL Injection through the 'meta_key' attribute of the 'mdf_select_title' shortcode. This vulnerability affects all versions up to and including 1.3.3.3. Due to inadequate escaping of user-provided parameters and a flawed SQL query construction process, authenticated attackers with Contributor-level access or higher can inject additional SQL queries into existing ones. This exploit can potentially lead to unauthorized access and extraction of sensitive information from the WordPress database.",Wordpress,Mdtf – Meta Data And Taxonomies Filter,9.9,CRITICAL,0.0005000000237487257,false,,false,false,false,,false,false,2024-09-24T02:31:01.927Z,0
CVE-2024-32818,https://securityvulnerability.io/vulnerability/CVE-2024-32818,Missing Authorization Vulnerability Affects WordPress MDTF,Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.,Wordpress,WordPress Meta Data And Taxonomies Filter (mdtf),4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-09T12:37:11.329Z,0
CVE-2024-34434,https://securityvulnerability.io/vulnerability/CVE-2024-34434,WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.2 - Arbitrary Shortcode Execution vulnerability,"Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2.",Wordpress,WordPress Meta Data And Taxonomies Filter (mdtf),6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-17T08:11:18.325Z,0
CVE-2024-30457,https://securityvulnerability.io/vulnerability/CVE-2024-30457,CSRF Vulnerability in WordPress Meta Data and Taxonomies Filter (MDTF),"Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1.",Wordpress,WordPress Meta Data And Taxonomies Filter (mdtf),4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-29T13:06:20.591Z,0
CVE-2024-29763,https://securityvulnerability.io/vulnerability/CVE-2024-29763,Cross-site Scripting (XSS) Vulnerability in WordPress Meta Data and Taxonomies Filter (MDTF),"The vulnerability present in the WordPress Meta Data and Taxonomies Filter (MDTF) by realmag777 allows for reflected Cross-site Scripting (XSS) due to improper neutralization of user input during web page generation. This makes it possible for an attacker to inject malicious scripts that can be executed in the browser of a user visiting the affected WordPress site. The vulnerability impacts all versions from n/a to 1.3.3, posing significant risks to web applications utilizing this plugin.",Wordpress,WordPress Meta Data And Taxonomies Filter (mdtf),7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-27T13:11:31.210Z,0
CVE-2024-29906,https://securityvulnerability.io/vulnerability/CVE-2024-29906,Stored XSS Vulnerability in WordPress Meta Data and Taxonomies Filter (MDTF),"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.",Wordpress,WordPress Meta Data And Taxonomies Filter (mdtf),6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-27T06:53:22.559Z,0