CVE-2024-8623
📋 TL;DR
The MDTF WordPress plugin allows unauthenticated attackers to execute arbitrary shortcodes due to improper input validation. This affects all WordPress sites using MDTF plugin versions up to 1.3.3.3, potentially enabling content injection, privilege escalation, or remote code execution.
💻 Affected Systems
- MDTF – Meta Data and Taxonomies Filter WordPress Plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could execute arbitrary PHP code via malicious shortcodes, leading to complete site compromise, data theft, or server takeover.
Likely Case
Attackers inject malicious content, redirect users to phishing sites, or escalate privileges by executing administrative shortcodes.
If Mitigated
With proper input validation and security plugins, impact is limited to content manipulation without code execution.
🎯 Exploit Status
No public PoC yet, but the vulnerability is simple to exploit and unauthenticated, making weaponization likely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'MDTF – Meta Data and Taxonomies Filter'.
4. Click 'Update Now' if available, or manually update to version 1.3.3.4+.
5. Verify the update completes successfully.
🔧 Temporary Workarounds
Disable MDTF Plugin
Temporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate wp-meta-data-filter-and-taxonomy-filter
Restrict Access with WAF
Block requests to vulnerable endpoints using web application firewall rules.
🧯 If You Can't Patch
- Immediately disable the MDTF plugin via WordPress admin or command line.
- Implement strict input validation at application level to filter shortcode execution attempts.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for MDTF version. If version is 1.3.3.3 or lower, you are vulnerable.
Check Version:
wp plugin get wp-meta-data-filter-and-taxonomy-filter --field=version
Verify Fix Applied:
After update, confirm MDTF plugin version is 1.3.3.4 or higher in WordPress plugins list.
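The version check above is easy to get wrong when done by eye, because dotted versions do not sort as strings (1.3.3.10 would compare below 1.3.3.4 lexically). The script below is an added example, not part of this advisory or of the MDTF plugin: it compares a version string field by field against the patched release 1.3.3.4 and prints a verdict. The plugin slug and the WP-CLI invocation in the usage note are the ones used by this advisory; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example: decide whether an installed MDTF version is still exposed to
# CVE-2024-8623 by comparing it numerically against the fixed release.

FIXED_MDTF_VERSION="1.3.3.4"   # first patched release per the advisory

# version_lt A B: return 0 when dotted version A is lower than B, 1 otherwise.
# Missing trailing fields count as 0, so "1.3" == "1.3.0.0". Non-digit
# characters in a field (e.g. "4-beta") are dropped before comparison.
version_lt() {
    a="$1."
    b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=$(printf '%s' "$x" | tr -cd '0-9')
        y=$(printf '%s' "$y" | tr -cd '0-9')
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # all fields equal: not lower
}

# mdtf_is_vulnerable VERSION: return 0 when VERSION predates the fix.
mdtf_is_vulnerable() {
    version_lt "$1" "$FIXED_MDTF_VERSION"
}

# report_version VERSION: human-readable verdict for one installed version.
report_version() {
    if mdtf_is_vulnerable "$1"; then
        printf 'MDTF %s: VULNERABLE (update to %s or later)\n' "$1" "$FIXED_MDTF_VERSION"
        return 1
    fi
    printf 'MDTF %s: patched\n' "$1"
    return 0
}

# When invoked with a version string, print the verdict for it.
if [ "$#" -gt 0 ]; then
    report_version "$1"
fi
```

Feed it the version WP-CLI reports for the site, for example `sh mdtf_check.sh "$(wp plugin get wp-meta-data-filter-and-taxonomy-filter --field=version)"`; a non-zero exit status means the installed version is still below 1.3.3.4, which makes the script usable from a fleet-wide audit loop.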
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress endpoints with shortcode parameters
- Unexpected execution of do_shortcode() in debug logs
Network Indicators:
- HTTP requests containing [shortcode] patterns to WordPress sites
- Traffic spikes to plugin-specific endpoints
SIEM Query:
source="wordpress.log" AND ("do_shortcode" OR "[shortcode]") AND status=200
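The SIEM query above expresses the idea; for sites that only have raw web-server access logs, the script below is an added example (not part of this advisory) that applies the same two conditions, a shortcode-like token in the request line and an HTTP 200 response, to combined-format log lines. The five log lines are constructed for the example; the IPs are documentation ranges and `gallery` is just a stand-in shortcode name. It matches both a literal `[` and its URL-encoded form `%5B`, but only when followed by a letter or underscore, so ordinary array parameters such as `filter[]=` are not flagged.

```shell
#!/bin/sh
# Added example: flag access-log requests that carry a shortcode-like token
# and succeeded (HTTP 200), mirroring the advisory's SIEM query conditions.

# Constructed sample in Apache/nginx "combined" format. Lines 1 and 2 should
# be flagged; line 3 is a benign array parameter, line 4 has no bracket at
# all, and line 5 carries the token but was rejected with a 404.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2024:12:00:01 +0000] "GET /?s=%5Bgallery%5D HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2024:12:00:02 +0000] "GET /?s=[gallery%20ids=1] HTTP/1.1" 200 498 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2024:12:00:03 +0000] "GET /shop/?filter[]=blue HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2024:12:00:04 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44 "https://example.test/" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:12:00:05 +0000] "GET /?s=%5Bgallery%5D HTTP/1.1" 404 200 "-" "curl/8.0"
EOF
}

# flag_shortcode_requests: read combined-format lines on stdin, print those
# whose request line (the first quoted field) contains "[x" or "%5Bx" where x
# is a letter or underscore, and whose status code is 200. Splitting on the
# double quote keeps the timestamp's own brackets out of the match.
flag_shortcode_requests() {
    awk -F'"' '
        {
            req = $2                      # e.g. GET /?s=%5Bgallery%5D HTTP/1.1
            split($3, s, " ")             # $3 is " 200 512 " -> s[1] = status
            status = s[1]
            if (status == "200" && req ~ /(\[|%5[Bb])[A-Za-z_]/) print $0
        }'
}

# flagged_count: number of flagged lines in the constructed sample.
flagged_count() {
    sample_log | flag_shortcode_requests | wc -l | tr -d ' '
}

# flagged_sources: per-source-IP hit counts, the view an analyst pivots on.
flagged_sources() {
    sample_log | flag_shortcode_requests | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Stand-alone run: show the flagged lines and the per-source summary.
sample_log | flag_shortcode_requests
flagged_sources
```

To run it against a real log, replace `sample_log` with `cat /path/to/access.log` (or `zcat` for rotated logs). The 200-only filter follows the advisory's query; dropping it surfaces blocked attempts as well, which is useful for gauging how actively the site is being probed.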
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-meta-data-filter-and-taxonomy-filter/trunk/classes/page.php#L248
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3150646%40wp-meta-data-filter-and-taxonomy-filter&new=3150646%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ba584e02-5242-4869-a452-21e6b8995bd8?source=cve