Vulnerabilities > Pluginus > Wordpress Meta Data AND Taxonomies Filter > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2025-01-08	CVE-2024-12030	SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. network low complexity pluginus CWE-89	6.5
2024-05-17	CVE-2024-34434	Incorrect Authorization vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2. network low complexity pluginus CWE-863	6.5
2024-03-27	CVE-2024-29763	Unspecified vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3. network low complexity pluginus	6.1
2024-03-27	CVE-2024-29932	Unspecified vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. network low complexity pluginus	5.4
2024-03-27	CVE-2024-29906	Unspecified vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.2. network low complexity pluginus	5.4
2023-03-22	CVE-2023-28664	Cross-site Scripting vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user. network low complexity pluginus CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.