CVE-2024-50450
📋 TL;DR
This vulnerability allows attackers to inject and execute arbitrary code on WordPress sites using the Meta Data and Taxonomies Filter (MDTF) plugin. It affects all WordPress installations with MDTF plugin versions up to 1.3.3.4, potentially compromising the entire site.
💻 Affected Systems
- WordPress Meta Data and Taxonomies Filter (MDTF) plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover, data theft, malware distribution, and server compromise leading to lateral movement within the hosting environment.
Likely Case
Website defacement, backdoor installation, credential theft, and SEO spam injection.
If Mitigated
Limited impact if proper input validation and output escaping are implemented, though code execution remains possible.
🎯 Exploit Status
Code injection vulnerabilities in WordPress plugins are frequently exploited in the wild, though no specific exploit code is publicly documented for this CVE.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3.5 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Meta Data and Taxonomies Filter (MDTF)'.
4. Click 'Update Now' if available, or manually update to version 1.3.3.5+.
5. Verify the plugin is updated.
🔧 Temporary Workarounds
Disable vulnerable plugin
Platform: all. Temporarily deactivate the MDTF plugin until it is patched:
wp plugin deactivate wp-meta-data-filter-and-taxonomy-filter
Remove plugin files
Platform: linux. Completely remove the vulnerable plugin files from the server:
rm -rf /path/to/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/
🧯 If You Can't Patch
- Immediately disable or remove the MDTF plugin from all affected WordPress installations
- Implement web application firewall (WAF) rules to block code injection patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for MDTF version 1.3.3.4 or earlier
Check Version:
wp plugin get wp-meta-data-filter-and-taxonomy-filter --field=version
Verify Fix Applied:
Confirm MDTF plugin version is 1.3.3.5 or higher in WordPress plugins list
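The version check above can be scripted for fleets where wp-cli is not installed by reading the plugin's own header, the way WordPress itself discovers plugin versions. The following is an added example, not code from the advisory or from the MDTF plugin. It assumes the plugin lives under wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter (the slug from the wp-cli command above) and that its main file carries a standard WordPress "Version:" header; the SAMPLE_HEADER text is constructed for illustration. The comparison is done on numeric tuples because the four-part version scheme breaks plain string comparison ("1.3.3.10" sorts before "1.3.3.5" as text).

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = "1.3.3.5"  # first patched release named in the advisory
PLUGIN_SLUG = "wp-meta-data-filter-and-taxonomy-filter"  # slug used by the advisory's wp-cli command

# Constructed example of a WordPress plugin file header (assumption: MDTF's real
# main file uses the standard header block; its exact file name is not assumed).
SAMPLE_HEADER = """<?php
/*
Plugin Name: Meta Data and Taxonomies Filter (MDTF)
Version: 1.3.3.4
*/
"""

# Same shape as WordPress's own header regex: leading comment decoration, then "Version:".
VERSION_HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.MULTILINE)


def version_tuple(version: str) -> tuple:
    """Turn '1.3.3.10' into (1, 3, 3, 10) so comparison is numeric per component."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_vulnerable_version(version: str) -> bool:
    """True when the installed version is below the fixed one.

    A shorter tuple such as (1, 3, 3) compares below (1, 3, 3, 5), so a
    three-part legacy version is treated as vulnerable, which is the safe default.
    """
    return version_tuple(version) < version_tuple(FIXED_VERSION)


def parse_header_version(text: str):
    """Extract the 'Version:' header from plugin file text, or None if absent."""
    match = VERSION_HEADER_RE.search(text)
    return match.group(1) if match else None


def find_plugin_version(wp_content: str):
    """Scan the plugin directory's top-level PHP files for a Version header.

    Returns None when the plugin directory does not exist (plugin not installed).
    Only the first 8 KB of each file is read, as WordPress does for headers.
    """
    plugin_dir = Path(wp_content) / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return None
    for php_file in sorted(plugin_dir.glob("*.php")):
        version = parse_header_version(php_file.read_text(errors="ignore")[:8192])
        if version:
            return version
    return None


if __name__ == "__main__":
    # Usage: python check_mdtf.py /path/to/wp-content
    installed = find_plugin_version(sys.argv[1]) if len(sys.argv) > 1 else None
    if installed is None:
        print("MDTF plugin not found under the given wp-content directory")
    elif is_vulnerable_version(installed):
        print(f"VULNERABLE: MDTF {installed} is below {FIXED_VERSION}")
    else:
        print(f"OK: MDTF {installed} is at or above {FIXED_VERSION}")
```

Run it once per site root; a result of "not found" after removal is the expected state for the "Remove plugin files" workaround above.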
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress admin-ajax.php or admin-post.php with MDTF parameters
- Unexpected file creation in wp-content directories
- Suspicious PHP code execution in web server logs
Network Indicators:
- HTTP requests containing eval(), system(), or base64_decode() patterns in MDTF-related parameters
- Unusual outbound connections from WordPress server
SIEM Query:
source="web_server_logs" AND (uri_path="*admin-ajax.php*" OR uri_path="*admin-post.php*") AND query_string="*mdtf*" AND (query_string="*eval*" OR query_string="*system*" OR query_string="*base64*")
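For sites without a SIEM, the same log indicators can be checked directly against web server access logs. The following is an added example written for this advisory, not detection code from the plugin vendor or the advisory's source. It assumes combined-format access logs and uses constructed sample lines (the IPs, timestamps and parameter names are made up for illustration; the inert "..." stands in for any payload). It goes one step beyond the SIEM query above by decoding the query string before matching, so that percent-encoded variants of the listed tokens are still caught, and by restricting hits to requests that actually carry an mdtf-related parameter, which keeps noise from ordinary admin-ajax traffic down.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines in combined log format (not real traffic).
# Lines 2 and 4 carry the indicator patterns the advisory names; line 1 is
# ordinary MDTF filtering traffic and line 3 is unrelated to the plugin.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2024:10:15:01 +0000] "GET /wp-admin/admin-ajax.php?action=mdtf_get_items&mdtf_filter=color HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Nov/2024:10:15:07 +0000] "POST /wp-admin/admin-ajax.php?action=mdtf_get_items&mdtf_data=eval(base64_decode(%27...%27)) HTTP/1.1" 200 88 "-" "curl/8.0"
198.51.100.2 - - [10/Nov/2024:10:16:12 +0000] "GET /index.php?p=42 HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Nov/2024:10:16:40 +0000] "POST /wp-admin/admin-post.php?action=mdtf_save&mdtf_raw=%73ystem(%27id%27) HTTP/1.1" 302 0 "-" "curl/8.0"
"""

# Fields of a combined-format line that the detection needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoints named under "Log Indicators" above.
TARGET_PATHS = ("/wp-admin/admin-ajax.php", "/wp-admin/admin-post.php")

# Tokens named under "Network Indicators" above, matched as a PHP call
# (name followed by an opening parenthesis) to avoid flagging plain words.
SUSPICIOUS = re.compile(r"\b(eval|system|base64_decode)\s*\(", re.IGNORECASE)


def parse_line(line: str):
    """Parse one access-log line into a dict, or None if it is not combined format."""
    match = LOG_RE.match(line)
    if not match:
        return None
    url = urlsplit(match["target"])
    # parse_qsl percent-decodes once, so %73ystem already becomes "system" here.
    params = parse_qsl(url.query, keep_blank_values=True)
    return {
        "ip": match["ip"],
        "ts": match["ts"],
        "method": match["method"],
        "path": url.path,
        "status": int(match["status"]),
        "params": params,
    }


def mdtf_alerts(log_text: str):
    """Return one alert per request to a target endpoint whose MDTF-related
    parameters contain a suspicious PHP call pattern."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] not in TARGET_PATHS:
            continue
        # Only requests that touch the plugin are in scope for this advisory.
        mdtf_related = any(
            "mdtf" in key.lower() or "mdtf" in value.lower()
            for key, value in rec["params"]
        )
        if not mdtf_related:
            continue
        hits = []
        for key, value in rec["params"]:
            decoded = unquote_plus(value)  # second pass catches double-encoded values
            if SUSPICIOUS.search(decoded):
                hits.append((key, decoded))
        if hits:
            alerts.append({
                "ip": rec["ip"],
                "ts": rec["ts"],
                "method": rec["method"],
                "path": rec["path"],
                "hits": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in mdtf_alerts(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['method']} {alert['path']} -> {alert['hits']}")
```

Access logs record only the request line, so this catches payloads sent in the query string; parameters sent in a POST body are not visible here, which is why the file-creation indicator listed above (new or modified files under wp-content) should be monitored alongside the logs.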