CVE-2024-50450

HIGH

Pluginus Wordpress Meta Data And Taxonomies Filter - Code Injection

Title source: rule

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through <= 1.3.3.4.

Exploits (1)

nomisec WORKING POC 1 stars

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2024-50450

View Code ZIP pw:eip

References (2)

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve

[Third Party Advisory] https://patchstack.com/database/vulnerability/wp-meta-data-filter-and-taxonomy-filter/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-bypass-vulnerability-vulnerability?_s_id=cve

Scores

CVSS v3 7.3

EPSS 0.5250

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (2)

pluginus/wordpress_meta_data_and_taxonomies_filter < 1.3.3.5

RealMag777/MDTF < 1.3.3.4

Published Oct 28, 2024

Tracked Since Feb 18, 2026