CVE-2024-13340
📋 TL;DR
The MDTF WordPress plugin has a stored XSS vulnerability in its 'mdf_results_by_ajax' shortcode that allows authenticated attackers with contributor-level access or higher to inject malicious scripts. These scripts execute when users visit compromised pages, potentially stealing session cookies or redirecting to malicious sites. All WordPress sites using MDTF plugin versions up to 1.3.3.6 are affected.
💻 Affected Systems
- MDTF – Meta Data and Taxonomies Filter WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, take over the WordPress site, install backdoors, deface the site, or redirect visitors to malware distribution sites.
Likely Case
Attackers with contributor accounts inject malicious scripts that steal user session data, perform phishing attacks, or redirect users to malicious sites when they visit affected pages.
If Mitigated
With proper user access controls and content security policies, the impact is limited to potential data leakage from users visiting compromised pages.
🎯 Exploit Status
Exploitation requires contributor-level WordPress access. The vulnerability is in a widely used shortcode feature, making automated exploitation likely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3.7 or later
Vendor Advisory: https://wordpress.org/plugins/wp-meta-data-filter-and-taxonomy-filter/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'MDTF – Meta Data and Taxonomies Filter'.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.3.3.7 or later from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable shortcode
Remove or disable all uses of the 'mdf_results_by_ajax' shortcode in posts and pages.
Search the WordPress database (wp_posts table) for '[mdf_results_by_ajax' and remove the affected shortcodes.
Restrict user permissions
Temporarily remove contributor-level editing permissions from untrusted users.
Navigate to Users → All Users in the WordPress admin and edit user roles to remove contributor access.
🧯 If You Can't Patch
- Implement Content Security Policy (CSP) headers to restrict script execution
- Install and configure a web application firewall (WAF) with XSS protection rules
🔍 How to Verify
Check if Vulnerable:
In WordPress admin → Plugins → Installed Plugins, find the MDTF plugin; if the version is 1.3.3.6 or earlier, the site is vulnerable.
Check Version:
If WP-CLI is installed: wp plugin list --name='wp-meta-data-filter-and-taxonomy-filter' --field=version
Verify Fix Applied:
Verify plugin version is 1.3.3.7 or later in WordPress admin plugins page
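As an added example (not code from the advisory or the MDTF plugin), the following Python helper combines the two checks above: it compares the installed version against the fixed release and scans wp_posts content for 'mdf_results_by_ajax' shortcodes whose attributes carry HTML or script-like values. It assumes the stored payload travels in shortcode attributes (the advisory does not name the attribute), and the attribute names and post rows are constructed for the example.

```python
import re

# Added example, not code from the advisory or the MDTF plugin. It assumes the
# stored payload is carried in the attributes of a [mdf_results_by_ajax ...]
# shortcode; the advisory does not name the attribute, so all are inspected.
FIXED_VERSION = (1, 3, 3, 7)  # first release the advisory lists as fixed
SHORTCODE_RE = re.compile(r"\[mdf_results_by_ajax\b([^\]]*)\]", re.IGNORECASE)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""")
# Tokens that suggest breaking out into HTML/JS context when the value is echoed.
SUSPICIOUS_RE = re.compile(r"""[<>"]|javascript:|\bon\w+\s*=""", re.IGNORECASE)

def parse_version(version: str) -> tuple:
    """'1.3.3.6' -> (1, 3, 3, 6); a shorter tuple compares as older."""
    return tuple(int(p) for p in version.strip().split("."))

def is_vulnerable(version: str) -> bool:
    """True when the installed MDTF version is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION

def suspicious_shortcodes(post_content: str) -> list:
    """(attribute, value) pairs from mdf_results_by_ajax shortcodes whose
    value contains HTML or script-like content."""
    findings = []
    for match in SHORTCODE_RE.finditer(post_content):
        for name, dq, sq, bare in ATTR_RE.findall(match.group(1)):
            value = dq or sq or bare
            if SUSPICIOUS_RE.search(value):
                findings.append((name, value))
    return findings

def audit_posts(posts: list) -> dict:
    """Map post ID -> findings, listing only posts that have any."""
    result = {}
    for post in posts:
        findings = suspicious_shortcodes(post["post_content"])
        if findings:
            result[post["ID"]] = findings
    return result

# Constructed sample rows, shaped like the result of querying wp_posts for
# post_content LIKE '%[mdf_results_by_ajax%'; attribute names are invented.
SAMPLE_POSTS = [
    {"ID": 12, "post_content": '[mdf_results_by_ajax title="Shop filter" per_page="10"]'},
    {"ID": 27, "post_content": "<p>Deals</p>[mdf_results_by_ajax title='<img src=x onerror=alert(1)>']"},
    {"ID": 31, "post_content": "No shortcode here, just <strong>text</strong>."},
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable("1.3.3.6"))  # True
    print("findings:", audit_posts(SAMPLE_POSTS))   # {27: [('title', '<img src=x onerror=alert(1)>')]}
```

Feed it the real rows from `wp db query` (or the version string from `wp plugin list`) to audit a live site; any post it reports should be reviewed and cleaned before or alongside the plugin update.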
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to admin-ajax.php with mdf_results_by_ajax parameters
- Multiple failed login attempts followed by successful contributor-level login
Network Indicators:
- Suspicious JavaScript payloads in HTTP POST parameters
- Unexpected outbound connections from WordPress site after page visits
SIEM Query:
source="wordpress.log" AND ("mdf_results_by_ajax" OR "admin-ajax.php") AND ("script" OR "javascript" OR "onclick")
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224186%40wp-meta-data-filter-and-taxonomy-filter&new=3224186%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226055%40wp-meta-data-filter-and-taxonomy-filter&new=3226055%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=
- https://wordpress.org/plugins/wp-meta-data-filter-and-taxonomy-filter/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/fcaeae5b-4047-4f09-8197-6ce2c21cc812?source=cve