MDTF - Meta Data and Taxonomies Filter
Moderate fix1 remedy
cpe:2.3:a:pluginus:wordpress_meta_data_and_taxonomies_filter:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 1.3.3.6
MDTF WordPress Plugin Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the MDTF – Meta Data and Taxonomies Filter plugin for WordPress, affecting all versions through 1.3.3.6. The vulnerability arises from inadequate input sanitization and output escaping on user-supplied attributes within the 'mdf_results_by_ajax' shortcode. This flaw allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which are executed when users access the injected pages.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.
Reproduction
To reproduce this vulnerability, an authenticated user with contributor-level access or higher can use the 'mdf_results_by_ajax' shortcode. The user can inject scripts through the shortcode's attributes, which will be executed when the page is accessed.
Remediation
Users are advised to update the MDTF – Meta Data and Taxonomies Filter plugin to version 1.3.3.7 or a newer patched version.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
2.2impact
1.7exploitability
6.4remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.