Platform
wordpress
Component
wp-meta-data-filter-and-taxonomy-filter
Fixed version
1.3.4
CVE-2024-50450 describes a Code Injection vulnerability discovered in the WordPress Meta Data and Taxonomies Filter (MDTF) plugin. This flaw allows attackers to inject arbitrary code, potentially compromising the entire WordPress site. The vulnerability affects versions of the plugin up to and including 1.3.3.4, and a fix is available in version 1.3.4.
Successful exploitation of CVE-2024-50450 allows an attacker to execute arbitrary code on the server hosting the WordPress site. This could lead to complete website takeover, data theft (including user credentials and sensitive data stored in the database), defacement, and the installation of malware. The impact is particularly severe because WordPress is a widely used content management system, and many websites rely on plugins like MDTF for extended functionality. A successful attack could also be used to pivot to other systems on the same network, expanding the blast radius. This vulnerability shares similarities with other code injection flaws in WordPress plugins, where insufficient input validation allows malicious code to be injected and executed.
CVE-2024-50450 was publicly disclosed on 2024-10-28. There is currently no indication of active exploitation in the wild, but the availability of a public code injection vulnerability significantly increases the risk. The EPSS score is likely to be assessed as medium due to the ease of exploitation and the widespread use of WordPress. Monitor security advisories and threat intelligence feeds for any signs of exploitation.
Websites using the WordPress Meta Data and Taxonomies Filter (MDTF) plugin, particularly those running older, unpatched versions (≤1.3.3.4), are at risk. Shared hosting environments where multiple websites share the same server are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r 'realmag777/mdtf' /var/www/html/wp-content/plugins/
• wordpress / composer / npm:
wp plugin list | grep mdtf
• wordpress / composer / npm:
wp plugin update mdtf --version=1.3.4
• generic web: Check the WordPress plugin directory for known vulnerable versions of MDTF.
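An added inventory check, not part of this advisory or of the plugin itself, that automates the version step above without wp-cli: it reads the WordPress plugin header of an installed copy and compares the version against the fixed 1.3.4 release, getting the mixed-length comparison 1.3.3.4 < 1.3.4 right. It assumes the plugin directory is named `mdtf` (as the `wp plugin list | grep mdtf` command implies), the header sample is constructed, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# From the advisory: plugin slug "mdtf", fixed in 1.3.4, affected <= 1.3.3.4.
PLUGIN_SLUG = "mdtf"
FIXED_VERSION = "1.3.4"

# Constructed sample of a WordPress plugin header (not the real MDTF file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: Meta Data and Taxonomies Filter (MDTF)
Version: 1.3.3.4
*/
"""

def parse_version(version):
    """'1.3.3.4' -> (1, 3, 3, 4); tuples compare component-wise."""
    return tuple(int(p) for p in version.split("."))

def is_vulnerable(version):
    """True when the installed version is below the fixed release. Tuple
    comparison handles the mixed component counts here ((1,3,3,4) < (1,3,4))
    and cases such as 1.3.10 > 1.3.4 that a string comparison gets wrong."""
    return parse_version(version) < parse_version(FIXED_VERSION)

def header_fields(text):
    """Pull 'Plugin Name' and 'Version' out of a plugin header comment."""
    fields = {}
    for key in ("Plugin Name", "Version"):
        m = re.search(rf"^[\s*#]*{key}:\s*(.+?)\s*$", text, re.MULTILINE)
        if m:
            fields[key] = m.group(1)
    return fields

def scan_plugins_dir(plugins_dir):
    """Find the MDTF main file under wp-content/plugins and classify it.
    Returns (path, version, vulnerable) or None when it is not installed."""
    for php_file in Path(plugins_dir, PLUGIN_SLUG).glob("*.php"):
        fields = header_fields(php_file.read_text(errors="ignore"))
        if "Plugin Name" in fields and "Version" in fields:
            return str(php_file), fields["Version"], is_vulnerable(fields["Version"])
    return None

def demo():
    """Write the constructed header into a throwaway plugins tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin_dir = Path(tmp, PLUGIN_SLUG)
        plugin_dir.mkdir()
        (plugin_dir / "index.php").write_text(SAMPLE_HEADER)
        return scan_plugins_dir(tmp)  # -> (path, '1.3.3.4', True)
```

Point `scan_plugins_dir` at a real `wp-content/plugins` directory to check a live install; a `True` third element means the copy is still in the affected range.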
disclosure
Exploit status
EPSS
53.50% (98th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-50450 is to immediately update the WordPress Meta Data and Taxonomies Filter (MDTF) plugin to version 1.3.4 or later. If an immediate upgrade is not possible due to compatibility issues or testing requirements, consider temporarily disabling the plugin. While not a complete solution, implementing a Web Application Firewall (WAF) with rules to detect and block code injection attempts can provide an additional layer of defense. Regularly scan your WordPress installation for vulnerable plugins using a security scanner. After upgrading, verify the fix by attempting to inject a simple code snippet through a plugin parameter and confirming that it is properly sanitized and does not execute.
Update the WordPress Meta Data and Taxonomies Filter (MDTF) plugin to the latest available version. The code injection vulnerability allows malicious code to be executed. The update fixes this vulnerability.
CVE-2024-50450 is a Code Injection vulnerability affecting the WordPress Meta Data and Taxonomies Filter (MDTF) plugin, allowing attackers to inject malicious code. It has a CVSS score of 7.3 (HIGH).
You are affected if you are using the WordPress Meta Data and Taxonomies Filter (MDTF) plugin version 1.3.3.4 or earlier. Check your plugin versions immediately.
Update the WordPress Meta Data and Taxonomies Filter (MDTF) plugin to version 1.3.4 or later. If immediate upgrade is not possible, disable the plugin temporarily.
There is currently no confirmed active exploitation, but the vulnerability is publicly known and poses a significant risk.
Refer to the plugin developer's website or the WordPress plugin directory for the latest updates and security advisories related to the MDTF plugin.