Wordpress Meta Data And Taxonomies Filter

wordpress_meta_data_and_taxonomies_filter

Vendor: Pluginus • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-12030 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Feb 26, 2025 Jan 8, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escapi...Show more The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2024-50450 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Apr 23, 2026 Oct 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through <= 1.3.3.4.
CVE-2024-8624 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Sep 26, 2024 Sep 24, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insuffi...Show more The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2024-8623 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Sep 26, 2024 Sep 24, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an a...Show more The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.Show less
CVE-2024-32818 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Feb 26, 2025 Jun 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.
CVE-2024-34434 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Apr 10, 2025 May 17, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n...Show more Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2.Show less
CVE-2024-30457 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Apr 28, 2026 Mar 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF).This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1.
CVE-2024-29763 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Apr 28, 2026 Mar 27, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Dat...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.Show less
CVE-2024-29932 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Apr 28, 2026 Mar 27, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data a...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.Show less
CVE-2024-29906 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Apr 28, 2026 Mar 27, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data a...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2.Show less
CVE-2023-28664 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Feb 25, 2025 Mar 22, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can...Show more The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user.Show less
CVE-2021-20781 1Pluginus 1Wordpress Meta Data And Taxonomies Filter Nov 21, 2024 Jul 14, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administra...Show more Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.Show less