CVE-2024-12030
📋 TL;DR
This SQL injection vulnerability in the MDTF WordPress plugin allows authenticated attackers with Contributor-level access or higher to inject malicious SQL queries through the 'mdf_value' shortcode. This can lead to unauthorized data extraction from the WordPress database. All WordPress sites using MDTF plugin versions up to 1.3.3.5 are affected.
💻 Affected Systems
- MDTF – Meta Data and Taxonomies Filter WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract sensitive data including user credentials, personal information, and administrative data, potentially leading to complete site compromise.
Likely Case
Data exfiltration of database contents including user emails, hashed passwords, and other sensitive WordPress data.
If Mitigated
Limited impact if proper access controls and input validation are in place, though SQL injection remains possible.
🎯 Exploit Status
Exploitation requires authenticated access but SQL injection payloads are straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3.6
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'MDTF – Meta Data and Taxonomies Filter'.
4. Click 'Update Now' if available, or download version 1.3.3.6 from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable shortcode
Remove or disable 'mdf_value' shortcode usage from posts/pages
Search WordPress content for [mdf_value] shortcodes and remove them
Restrict user roles
Temporarily restrict Contributor and higher roles from creating/editing posts
Use WordPress role management plugins to modify capabilities
🧯 If You Can't Patch
- Disable the MDTF plugin entirely until patched
- Implement web application firewall rules to block SQL injection patterns targeting the mdf_value parameter
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for MDTF version. If version is 1.3.3.5 or lower, you are vulnerable.
Check Version:
wp plugin list --name=wp-meta-data-filter-and-taxonomy-filter --field=version (if WP-CLI is installed; the --name filter takes the plugin slug, not its display name)
Verify Fix Applied:
Verify MDTF plugin version is 1.3.3.6 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress/database logs
- Multiple failed login attempts followed by successful Contributor-level login
Network Indicators:
- POST requests containing mdf_value parameter with SQL keywords
- Unusual database query patterns from WordPress application
SIEM Query:
source="wordpress.log" AND "mdf_value" AND ("UNION" OR "SELECT" OR "INSERT" OR "DELETE")
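The content search from the workaround section and the keyword heuristic from the SIEM query above, combined into one scanner that parses `[mdf_value ...]` shortcodes out of post bodies and flags attribute values carrying SQL metacharacters. This is an added example, not code from the plugin or from the advisory; the post bodies are constructed, and attribute names such as `meta_key` and `type` are placeholders rather than the plugin's documented attributes.

```python
import re

# Constructed sample post bodies keyed by made-up post IDs (not real site
# data). Attribute names (meta_key, type, post_id) are placeholders, not the
# plugin's documented shortcode attributes.
SAMPLE_POSTS = {
    101: 'Price: [mdf_value meta_key="price" type="number"]',
    102: "Rating: [mdf_value meta_key='rating' post_id=42]",
    103: 'Odd: [mdf_value meta_key="price\' UNION SELECT 1,2,3-- " type="text"]',
    104: "Plain text, no shortcode here.",
}

SHORTCODE_RE = re.compile(r"\[mdf_value\b([^\]]*)\]", re.IGNORECASE)
# WordPress-style attributes: key="value", key='value' or key=value
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""")
# Heuristic: quotes, comment markers, statement separators or SQL verbs are
# never needed in a legitimate filter value, so any of them is worth a look.
SQL_HINT_RE = re.compile(
    r"""['"`;]|--|/\*|\b(?:union|select|insert|update|delete|drop|sleep|benchmark)\b""",
    re.IGNORECASE,
)


def parse_shortcodes(content):
    """Return one {attr: value} dict per [mdf_value ...] tag in the content."""
    found = []
    for m in SHORTCODE_RE.finditer(content):
        attrs = {}
        for name, dq, sq, bare in ATTR_RE.findall(m.group(1)):
            attrs[name.lower()] = dq or sq or bare
        found.append(attrs)
    return found


def suspicious_attrs(attrs):
    """Return (attr, value) pairs whose value carries SQL metacharacters."""
    return [(k, v) for k, v in attrs.items() if SQL_HINT_RE.search(v)]


def scan_posts(posts):
    """Map post ID -> suspicious (attr, value) pairs; clean posts are omitted."""
    hits = {}
    for post_id, content in posts.items():
        flagged = []
        for attrs in parse_shortcodes(content):
            flagged.extend(suspicious_attrs(attrs))
        if flagged:
            hits[post_id] = flagged
    return hits


if __name__ == "__main__":
    for post_id, flagged in scan_posts(SAMPLE_POSTS).items():
        print(f"post {post_id}: review shortcode attributes -> {flagged}")
```

On a live site, feed `scan_posts` the `post_content` column of `wp_posts` (for example via `wp post list --field=ID` and `wp post get`) and review every flagged post before applying the 1.3.3.6 update, since the update closes the hole but does not remove shortcodes already saved in content.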
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-meta-data-filter-and-taxonomy-filter/trunk/classes/shortcodes.php?rev=3204774#L874
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3210333%40wp-meta-data-filter-and-taxonomy-filter&new=3210333%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d2ead824-2722-4b09-8387-e064dee371c1?source=cve