CVE-2023-28664
📋 TL;DR
This vulnerability allows authenticated WordPress users to inject malicious scripts via the 'tax_name' parameter in the Meta Data and Taxonomies Filter plugin. When exploited, it enables reflected cross-site scripting attacks that could steal session cookies or perform actions as the victim. Only WordPress sites using vulnerable plugin versions (<1.3.1) are affected.
💻 Affected Systems
- WordPress Meta Data and Taxonomies Filter plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could steal administrator session cookies, potentially gaining full control over the WordPress site, defacing content, or installing backdoors.
Likely Case
An authenticated low-privilege user could steal session cookies from other authenticated users, potentially escalating privileges or performing unauthorized actions.
If Mitigated
With proper input validation and output encoding, the malicious scripts would be neutralized, preventing any successful exploitation.
🎯 Exploit Status
Exploitation requires authenticated access. The vulnerability is well-documented in security advisories with technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.1
Vendor Advisory: https://wordpress.org/plugins/meta-data-and-taxonomies-filter/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Meta Data and Taxonomies Filter'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.3.1+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the Meta Data and Taxonomies Filter plugin until it is patched
wp plugin deactivate meta-data-and-taxonomies-filter
Implement WAF rules
Add web application firewall rules to block XSS payloads in the tax_name parameter
🧯 If You Can't Patch
- Restrict plugin access to trusted users only through WordPress role management
- Implement Content Security Policy headers to mitigate XSS impact
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Meta Data and Taxonomies Filter → Version. If version < 1.3.1, vulnerable.
Check Version:
wp plugin get meta-data-and-taxonomies-filter --field=version
Verify Fix Applied:
Verify plugin version is 1.3.1 or higher in WordPress admin panel
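The version check above is easy to get wrong in a script: a plain string comparison puts "1.10" before "1.3.1". The following helper, added here as an example and not part of the advisory or the plugin, wraps the WP-CLI command shown above and compares the reported version numerically against the 1.3.1 fix release. The `--path` argument and the `installed_version()` wrapper are this example's own additions; pre-release suffixes are assumed to be absent and are ignored if present.

```python
import re
import subprocess

FIXED_VERSION = "1.3.1"  # first patched release, per the advisory
PLUGIN_SLUG = "meta-data-and-taxonomies-filter"


def version_key(version):
    """Turn '1.3.1' into (1, 3, 1) so comparison is numeric, not lexicographic.

    A leading 'v' is tolerated. Any non-numeric suffix (e.g. '-beta') is
    dropped (assumption: release builds are plain dotted numbers); check
    such builds by hand.
    """
    core = re.match(r"^\s*v?(\d+(?:\.\d+)*)", version)
    if core is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in core.group(1).split("."))


def is_vulnerable(installed):
    """True when the installed version is older than the fixed release."""
    return version_key(installed) < version_key(FIXED_VERSION)


def installed_version(wp_path=None):
    """Ask WP-CLI for the installed plugin version (the advisory's command).

    Returns None when wp is not on PATH or the plugin is not installed.
    """
    cmd = ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"]
    if wp_path:
        cmd.append(f"--path={wp_path}")  # WP-CLI global --path option
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return result.stdout.strip()


if __name__ == "__main__":
    current = installed_version()
    if current is None:
        print("plugin not found or wp-cli unavailable")
    elif is_vulnerable(current):
        print(f"VULNERABLE: {PLUGIN_SLUG} {current} < {FIXED_VERSION}")
    else:
        print(f"OK: {PLUGIN_SLUG} {current} >= {FIXED_VERSION}")
```

Run it from the WordPress root (or pass the install directory to `installed_version`); the numeric tuple comparison is what keeps "1.10" from being reported as older than "1.3.1".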
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with tax_name parameter containing script tags
- Multiple failed authentication attempts followed by successful login and XSS payloads
Network Indicators:
- HTTP requests containing malicious script payloads in tax_name parameter
- Unusual outbound connections after successful XSS exploitation
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "tax_name" AND ("<script>" OR "javascript:" OR "onerror=")
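The SIEM query above matches the literal strings "<script>", "javascript:" and "onerror=", but in web server logs the tax_name value is usually URL-encoded (%3Cscript%3E), so a literal match misses it. The script below, added as an example and not part of the advisory, parses combined-format access log lines, URL-decodes the tax_name query parameter on admin-ajax.php requests and applies the advisory's indicators to the decoded value. The log lines are constructed for this example; note that standard access logs do not record POST bodies, so the POST request in the sample produces no hit and must be covered by WAF or application-level logging instead.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicators from the advisory's SIEM query, applied case-insensitively
# to the URL-decoded parameter value.
XSS_INDICATORS = ("<script", "javascript:", "onerror=")

# Apache/nginx "combined" format: client ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log; the second line is the only true hit.
SAMPLE_LOG = [
    '203.0.113.9 - - [15/Mar/2023:09:58:01 +0000] "GET /wp-admin/admin-ajax.php?tax_name=color HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '203.0.113.5 - editor [15/Mar/2023:10:01:22 +0000] "GET /wp-admin/admin-ajax.php?tax_name=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - editor [15/Mar/2023:10:01:30 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [15/Mar/2023:10:02:00 +0000] "GET /index.php?tax_name=%3Cscript%3E HTTP/1.1" 404 120 "-" "curl/8.0"',
]


def parse_line(line):
    """Split one access log line into its fields, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def suspicious_tax_name(target):
    """Return the decoded tax_name value if it carries an XSS indicator, else None.

    Only admin-ajax.php requests are considered, matching the advisory's log
    indicator; parse_qs performs the URL decoding.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get("tax_name", []):
        lowered = value.lower()
        if any(indicator in lowered for indicator in XSS_INDICATORS):
            return value
    return None


def find_hits(lines):
    """Scan log lines and return one record per suspicious request."""
    hits = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        value = suspicious_tax_name(record["target"])
        if value is not None:
            hits.append({
                "client": record["client"],
                "user": record["user"],      # '-' when unauthenticated at the HTTP layer
                "method": record["method"],
                "tax_name": value,
            })
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Feed it real log lines (`find_hits(open(path))`) to get the client address, HTTP-layer user and decoded payload for each hit; the `user` field is the web server's auth user and will usually be "-" for WordPress sessions, so correlate the client address with WordPress's own login records to attribute the request to an account.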