Cross-Site Scripting Vulnerability in WordPress Meta Data and Taxonomies Filter by realmag777
CVE-2024-29932

6.5MEDIUM

What is CVE-2024-29932?

The vulnerability in the Meta Data and Taxonomies Filter (MDTF) plugin developed by realmag777 allows an attacker to exploit improper neutralization of input during web page generation, leading to stored XSS. This makes it possible for malicious scripts to be injected into web pages viewed by users, potentially compromising user data and sessions, and promoting further attacks. The affected versions range from n/a through 1.3.2, making it crucial for users of this plugin to take immediate remedial measures to secure their WordPress sites.

Affected Version(s)

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.