Platform
wordpress
Component
wp-meta-data-filter-and-taxonomy-filter
Fixed version
1.3.4
CVE-2024-8623 describes an arbitrary shortcode execution vulnerability discovered in the MDTF – Meta Data and Taxonomies Filter plugin for WordPress. This flaw allows unauthenticated attackers to execute arbitrary shortcodes, potentially leading to website defacement or malicious code injection. The vulnerability affects versions of the plugin up to and including 1.3.3.3, and a patch is available to address the issue.
The impact of CVE-2024-8623 is significant due to its ease of exploitation and the potential for widespread compromise. An attacker can leverage this vulnerability to inject malicious shortcodes into WordPress websites using the MDTF plugin. This could result in the execution of arbitrary PHP code, leading to complete website takeover, data theft, or the deployment of malware. The attacker does not require authentication, making it a particularly concerning vulnerability for sites with weak security configurations. Successful exploitation could also allow for the modification of website content, redirection of users to malicious sites, or the injection of spam.
CVE-2024-8623 was publicly disclosed on September 24, 2024. While no active exploitation campaigns have been definitively confirmed, the ease of exploitation and the widespread use of WordPress make it a likely target. There are currently public proof-of-concept exploits available, increasing the risk of immediate exploitation. It is recommended to prioritize patching to prevent potential compromise.
Websites using the MDTF – Meta Data and Taxonomies Filter plugin, particularly those running older versions (≤1.3.3.3), are at significant risk. Shared hosting environments are especially vulnerable, as they often have limited control over plugin updates and security configurations. Sites with default WordPress configurations and weak security practices are also more susceptible to exploitation.
• wordpress / composer / npm:
  grep -r 'do_shortcode' /var/www/html/wp-content/plugins/mdtf-meta-data-and-taxonomies-filter/
  wp plugin list --status=inactive | grep mdtf
  curl -I https://your-wordpress-site.com/wp-content/plugins/mdtf-meta-data-and-taxonomies-filter/ | grep -i 'mdtf'
Disclosure
Exploitation status
EPSS
2.62% (86th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-8623 is to immediately upgrade the MDTF plugin to a patched version. The plugin developer has released a fix, so ensure you are using the latest available version. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the MDTF plugin. While not a complete solution, this will prevent further exploitation. Reviewing WordPress access logs for suspicious shortcode activity can also help identify potential compromises. Implement a Web Application Firewall (WAF) with rules to block suspicious shortcode execution attempts.
Update the MDTF – Meta Data and Taxonomies Filter plugin to the latest available version. This fixes the arbitrary shortcode execution vulnerability.
CVE-2024-8623 is a vulnerability in the MDTF plugin for WordPress that allows unauthenticated attackers to execute arbitrary shortcodes due to insufficient input validation, potentially leading to website takeover.
You are affected if you are using the MDTF plugin version 1.3.3.3 or earlier. Check your plugin version and upgrade immediately if vulnerable.
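A version check for the affected range stated above, as an added example that is not from the advisory or the plugin: it reads the Version: field of a WordPress plugin file header (a constructed sample, not the real plugin file) and compares it numerically against 1.3.3.3, which plain string comparison gets wrong for versions such as 1.3.10.

```python
import re
from pathlib import Path

# Range taken from the advisory: every version up to 1.3.3.3 is affected, 1.3.4 is fixed.
LAST_VULNERABLE = "1.3.3.3"

def parse_version(text: str) -> tuple:
    """Turn a dotted version into an integer tuple padded to four components,
    so 1.3.3.3 < 1.3.4 and 1.3.4 < 1.3.10 (string comparison gets the latter wrong)."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)          # "3-beta" -> 3, non-numeric -> 0
        parts.append(int(m.group()) if m else 0)
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)

def plugin_version_from_header(header_text: str):
    """Extract the Version: field from the comment block WordPress reads
    at the top of a plugin's main .php file; None when it is absent."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header_text, re.MULTILINE)
    return m.group(1) if m else None

def is_affected(version: str) -> bool:
    """True when the installed version falls inside the advisory's affected range."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE)

def check_plugin_file(path) -> dict:
    """Report on a real plugin main file; path is whatever the install uses (assumed)."""
    version = plugin_version_from_header(Path(path).read_text(errors="replace"))
    return {"version": version,
            "affected": None if version is None else is_affected(version)}

# Constructed sample header in the shape WordPress expects (not the real plugin file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: MDTF - Meta Data and Taxonomies Filter
Version: 1.3.3.3
*/
"""

if __name__ == "__main__":
    v = plugin_version_from_header(SAMPLE_HEADER)
    print(v, "affected, upgrade to 1.3.4 or later" if is_affected(v) else "patched")
```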
Upgrade the MDTF plugin to the latest version, which contains a fix for this vulnerability. If upgrading is not possible, temporarily disable the plugin.
While no confirmed active exploitation campaigns are currently known, public proof-of-concept exploits exist, increasing the risk of immediate exploitation.
Refer to the MDTF plugin developer's website or the WordPress plugin repository for the latest advisory and update information.