CVE-2024-50450

HIGH

Pluginus Wordpress Meta Data And Taxonomies Filter - Code Injection

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50450. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary This PoC demonstrates an unauthenticated arbitrary shortcode execution vulnerability in the WordPress Meta Data and Taxonomies Filter plugin. The exploit sends a crafted POST request to admin-ajax.php, leveraging the mdf_get_ajax_auto_recount_data action to execute arbitrary shortcodes.

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through <= 1.3.3.4.

Exploits (1)

nomisec WORKING POC 1 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-50450

This PoC demonstrates an unauthenticated arbitrary shortcode execution vulnerability in the WordPress Meta Data and Taxonomies Filter plugin. The exploit sends a crafted POST request to admin-ajax.php, leveraging the mdf_get_ajax_auto_recount_data action to execute arbitrary shortcodes.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4
No auth needed
Prerequisites: WordPress installation with vulnerable MDTF plugin
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.3
EPSS 0.0115
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-94
Status published
Products (2)
pluginus/wordpress_meta_data_and_taxonomies_filter < 1.3.3.5
RealMag777/MDTF < 1.3.3.4
Published Oct 28, 2024
Tracked Since Feb 18, 2026