Platform
wordpress
Component
wp-meta-data-filter-and-taxonomy-filter
Fixed in
1.3.4
CVE-2025-54707 describes a SQL Injection vulnerability in the MDTF WordPress plugin (slug wp-meta-data-filter-and-taxonomy-filter). The flaw lets an attacker inject SQL into a query the plugin builds, giving unauthorized read and write access to the WordPress database. Versions from 0.0.0 up to and including 1.3.3.7 are affected; the fix shipped in version 1.3.4.
Successful exploitation gives the attacker the privileges of the site's database user over the WordPress database: reading, modifying or deleting any table, including user password hashes in wp_users, configuration in wp_options (site URL, administrator e-mail, active plugins) and any customer data stored by other plugins. SQL injection does not execute operating-system commands by itself; a full server compromise requires a chain, for example resetting an administrator's password or e-mail through the database and then uploading a malicious plugin, or abusing the MySQL FILE privilege if the database user holds it. The blast radius is therefore everything the database user can reach, which affects both site visitors and administrators.
CVE-2025-54707 was published on 2025-08-14. This page rates the severity critical because of the potential for database compromise; note that the EPSS score listed below (0.04%, 11th percentile) predicts a low near-term probability of exploitation, so the two signals should be read together. No public proof-of-concept exploit is known at the time of writing, but SQL injection flaws in WordPress plugins are routinely weaponized once the fix is public, so exploits are likely to emerge. Monitor security advisories and threat-intelligence feeds for updates.
Websites running the MDTF plugin are at significant risk, especially those storing sensitive data (customer records, orders, credentials) in the WordPress database. Shared hosting environments are at increased risk when several WordPress installations share a database server or reuse database credentials, because a compromise of one site could then reach the other sites' data.
• wordpress (local shell; any version below 1.3.4 is affected):
grep -ri '^ *\** *Version:' /var/www/html/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/*.php
wp plugin get wp-meta-data-filter-and-taxonomy-filter --field=version
• generic web (works only when the plugin's readme.txt is served publicly; Stable tag reflects the uploaded release, not necessarily the files in use):
curl -s https://your-wordpress-site.com/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt | grep -i '^Stable tag'
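To make the version check reproducible and to avoid the string-comparison trap in which "1.3.10" sorts before "1.3.4", here is an added Python example; it is not code from the advisory or from the plugin. The plugin header below is a constructed sample, and the fixed version 1.3.4 and the affected range come from the advisory.

```python
"""Decide whether an installed MDTF plugin version falls in the affected range
for CVE-2025-54707 (0.0.0 through 1.3.3.7; fixed in 1.3.4).

Added example, not from the advisory or the plugin: it reads the Version:
field of a WordPress plugin header and compares versions numerically.
"""
import re
from typing import Tuple

FIXED_VERSION = "1.3.4"  # first fixed release, per the advisory

# Constructed sample of a WordPress plugin file header; the real MDTF header
# is not reproduced here.
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: MDTF
Plugin URI: https://example.invalid/
Version: 1.3.3.7
*/
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn "1.3.3.7" into (1, 3, 3, 7); a non-numeric suffix ends the parse."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Comparator returning -1, 0 or 1; missing trailing components count as 0,
    so "1.3.4" and "1.3.4.0" are equal and "1.3.10" is newer than "1.3.4"."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """Affected when the installed version is strictly older than the fix."""
    return compare_versions(installed, fixed) < 0


def version_from_header(php_source: str) -> str:
    """Extract the Version: field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source,
                  re.MULTILINE | re.IGNORECASE)
    if not m:
        raise ValueError("no Version: header found")
    return m.group(1)


if __name__ == "__main__":
    installed = version_from_header(SAMPLE_PLUGIN_HEADER)
    state = "AFFECTED" if is_affected(installed) else "not affected"
    print(f"installed {installed}: {state} (fixed in {FIXED_VERSION})")
```

In practice, feed `version_from_header` the contents of the plugin's main PHP file, or pass the output of `wp plugin get ... --field=version` straight to `is_affected`.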
Exploit status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-54707 is to upgrade the MDTF WordPress plugin to version 1.3.4 or later immediately. If upgrading is not feasible right away because of compatibility concerns, deactivate the plugin (and remove it if the site can do without it) until it can be updated. Where neither is possible, a Web Application Firewall with generic SQL injection rules (for example the OWASP Core Rule Set) reduces exposure, but it is a stopgap: the advisory does not publish the vulnerable parameter, so no precise rule can be written, and generic rules can be bypassed. Independently of the upgrade, review the database user's privileges: WordPress needs CRUD and schema rights on its own database, so little can be removed there, but the user should hold no FILE, SUPER or GRANT OPTION privilege and no grants on other databases, which limits what a successful injection can reach. After upgrading, confirm remediation by checking that the installed version is 1.3.4 or later (for example with wp plugin get wp-meta-data-filter-and-taxonomy-filter --field=version) and that no stale copy of the plugin directory remains; a self-test with injection payloads is only meaningful if you know the affected parameter.
Update the MDTF plugin to the latest available version to mitigate the SQL injection vulnerability. Check the plugin page on wordpress.org for the most recent updates and follow the installation instructions provided by the developer. Back up your website before applying any update.
CVE-2025-54707 is a critical SQL Injection vulnerability affecting the MDTF WordPress plugin, allowing attackers to inject malicious SQL code and potentially compromise the database.
If you are using MDTF WordPress plugin versions 0.0.0 through 1.3.3.7, you are affected by this vulnerability. Check your plugin version and upgrade immediately.
Upgrade the MDTF WordPress plugin to version 1.3.4 or later to remediate the SQL Injection vulnerability. Consider WAF rules as a temporary workaround.
While no active exploitation has been confirmed, the SQL Injection nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories.
Refer to the MDTF plugin developer's website or WordPress plugin repository for the official advisory and update information.