Platform: wordpress
Component: wp-meta-data-filter-and-taxonomy-filter
Fixed in: 1.3.4
CVE-2025-54707 describes a SQL Injection vulnerability discovered in the MDTF WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially gaining unauthorized access to sensitive data and compromising the entire WordPress installation. The vulnerability affects versions from 0.0.0 up to and including 1.3.3.7, with a fix available in version 1.3.4.
Successful exploitation of this SQL Injection vulnerability could grant an attacker complete control over the WordPress database. This includes the ability to read, modify, or delete any data stored within the database, such as user credentials, sensitive configuration information, and customer data. An attacker could also leverage this vulnerability to execute arbitrary commands on the server, leading to a full system compromise. The potential blast radius extends to any data accessible through the WordPress database, and could impact website visitors and administrators.
CVE-2025-54707 was published on 2025-08-14. The vulnerability's severity is considered critical due to the potential for complete system compromise. Public proof-of-concept exploits are currently unknown, but the SQL Injection nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-54707 is to immediately upgrade the MDTF WordPress plugin to version 1.3.4 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out potentially malicious SQL injection attempts targeting the vulnerable endpoints. Additionally, review and restrict database user permissions to minimize the impact of a successful attack. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection payload against the affected endpoints and verifying that it is properly sanitized.
Update the MDTF plugin to the latest available version to mitigate the SQL Injection vulnerability. Check the plugin page on wordpress.org for the latest updates and follow the installation instructions provided by the developer. Ensure you back up your website before performing any updates.
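A script for the version check the advisory asks for, added here as an example and not code from the advisory or from the plugin's authors. It reads the `Version:` header from the plugin's top-level PHP files under the page's component slug (the main-file name and the `/var/www/html/wp-content/plugins` path are assumptions), compares numerically against the stated range 0.0.0 to 1.3.3.7 inclusive, and falls back to a constructed sample header so it runs offline.

```python
"""Check an installed copy of the MDTF plugin against the CVE-2025-54707 affected range."""
import re
from pathlib import Path

PLUGIN_SLUG = "wp-meta-data-filter-and-taxonomy-filter"
AFFECTED_MIN = "0.0.0"     # range given in the advisory
AFFECTED_MAX = "1.3.3.7"   # last affected version, inclusive
FIXED_IN = "1.3.4"

def parse_version(v: str) -> tuple:
    """Dotted version -> tuple of ints. Suffixes such as '-beta1' are dropped."""
    core = re.split(r"[^0-9.]", v.strip(), maxsplit=1)[0]
    return tuple(int(p) for p in core.split(".") if p)

def cmp_versions(a: str, b: str) -> int:
    """-1, 0 or 1 for a <, ==, > b. Compares numerically (1.10 > 1.9) and pads
    with zeros so 1.3.4 reads as 1.3.4.0, which is why 1.3.3.7 < 1.3.4."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    pa, pb = pa + (0,) * (n - len(pa)), pb + (0,) * (n - len(pb))
    return (pa > pb) - (pa < pb)

def is_affected(version: str) -> bool:
    """True when AFFECTED_MIN <= version <= AFFECTED_MAX (both inclusive)."""
    return cmp_versions(AFFECTED_MIN, version) <= 0 and cmp_versions(version, AFFECTED_MAX) <= 0

def version_from_header(php_source: str):
    """Read 'Version:' from a WordPress plugin header comment; None if absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source, re.MULTILINE)
    return m.group(1) if m else None

def installed_version(plugins_dir: str):
    """Scan the plugin directory's top-level .php files for the header (the main
    file's name is not assumed). Returns None when the plugin is not installed."""
    for php in sorted(Path(plugins_dir, PLUGIN_SLUG).glob("*.php")):
        v = version_from_header(php.read_text(errors="ignore"))
        if v:
            return v
    return None

# Constructed sample header (not the plugin's real file) so the script runs offline.
SAMPLE_HEADER = """<?php
/*
Plugin Name: MDTF (sample)
Version: 1.3.3.7
*/
"""

if __name__ == "__main__":
    # Assumed plugins path; falls back to the constructed sample when not installed.
    v = installed_version("/var/www/html/wp-content/plugins") or version_from_header(SAMPLE_HEADER)
    status = "AFFECTED, upgrade to %s" % FIXED_IN if is_affected(v) else "not in affected range"
    print(f"{PLUGIN_SLUG} {v}: {status}")
```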
CVE-2025-54707 is a critical SQL Injection vulnerability affecting the MDTF WordPress plugin, allowing attackers to inject malicious SQL code and potentially compromise the database.
If you are using the MDTF WordPress plugin at any version from 0.0.0 through 1.3.3.7, you are affected by this vulnerability. Check your installed plugin version and upgrade immediately.
Upgrade the MDTF WordPress plugin to version 1.3.4 or later to remediate the SQL Injection vulnerability. Consider WAF rules as a temporary workaround.
While no active exploitation has been confirmed, the SQL Injection nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories.
Refer to the MDTF plugin developer's website or WordPress plugin repository for the official advisory and update information.