Cross-site Scripting (XSS) Vulnerability in WordPress Meta Data and Taxonomies Filter (MDTF)
CVE-2024-29763

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WordPress Meta Data And Taxonomies Filter (mdtf)
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-29763?

The vulnerability present in the WordPress Meta Data and Taxonomies Filter (MDTF) by realmag777 allows for reflected Cross-site Scripting (XSS) due to improper neutralization of user input during web page generation. This makes it possible for an attacker to inject malicious scripts that can be executed in the browser of a user visiting the affected WordPress site. The vulnerability impacts all versions from n/a to 1.3.3, posing significant risks to web applications utilizing this plugin.

Affected Version(s)

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3

References

https://patchstack.com/database/vulnerability/wp-meta-dat...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 19, 2024

Credit

Abdi Pranata (Patchstack Alliance)