CVE-2024-8624
📋 TL;DR
This SQL injection vulnerability in the MDTF – Meta Data and Taxonomies Filter WordPress plugin (all versions up to and including 1.3.3.3) allows authenticated users with Contributor-level access or higher to append their own SQL to the plugin's query through the 'meta_key' attribute of the 'mdf_select_title' shortcode, whose value reaches the query without being escaped or bound as a prepared-statement parameter. A Contributor only needs to save a draft containing the shortcode and preview it. The result is unauthorized read access to the WordPress database, exposing user records and password hashes, personal data, and site content.
💻 Affected Systems
- MDTF – Meta Data and Taxonomies Filter WordPress plugin, all versions up to and including 1.3.3.3
📦 What is this software?
MDTF – Meta Data and Taxonomies Filter is a WordPress plugin that adds front-end filters so visitors can narrow down posts by custom field (post meta) values and taxonomy terms. Site authors place the filters in content through shortcodes such as 'mdf_select_title', which is where the vulnerable attribute is read from.
⚠️ Risk & Real-World Impact
Worst Case
Read access to the entire WordPress database through the injected query: user records with password hashes, personal data, and any API keys or tokens stored in plugin options. Cracking an administrator's hash, or reusing secrets found in the database, can then escalate to administrator and full site takeover.
Likely Case
Extraction of user records (including hashed passwords), plugin/theme settings, and other database contents readable by the web application's database user.
If Mitigated
If the shortcode is unregistered, the plugin is deactivated, or untrusted accounts are held below Contributor, the vulnerable query cannot be reached and the impact is nil. A WAF alone only raises the bar: the payload is stored as a shortcode attribute inside post content rather than sent as a request parameter, so a rule has to inspect post-save requests for it.
🎯 Exploit Status
Exploitation requires an account with Contributor-level access or higher, which is enough to save a draft containing the shortcode and preview it; beyond that it uses standard UNION-based and time-based SQL injection techniques that are well documented and easily weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.3.4 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'MDTF – Meta Data and Taxonomies Filter'.
4. Click 'Update Now' if available, or manually update to version 1.3.3.4 or later (WP-CLI: wp plugin update wp-meta-data-filter-and-taxonomy-filter).
5. Verify the plugin is active and that the listed version is 1.3.3.4 or higher.
🔧 Temporary Workarounds
Unregister the vulnerable shortcode
Remove or disable the 'mdf_select_title' shortcode in all posts, pages and widgets. Because any Contributor can simply add it to a new draft, editing existing content is not enough: also unregister it site-wide with remove_shortcode('mdf_select_title') from a must-use plugin hooked late on 'init', so that WordPress no longer executes it.
Search the WordPress database for '[mdf_select_title' in post_content, post_excerpt and widget options to find and review existing uses, including drafts by low-privileged accounts.
Restrict user roles
Temporarily demote untrusted accounts below Contributor, since Contributor is the lowest role that can create post content.
Navigate to Users > All Users in the WordPress admin and change the role of any account you do not trust from Contributor/Author/Editor/Administrator to Subscriber, which cannot create posts.
🧯 If You Can't Patch
- Deactivate the MDTF plugin entirely until it can be patched (WP-CLI: wp plugin deactivate wp-meta-data-filter-and-taxonomy-filter)
- Add WAF rules that inspect post-save requests (the classic editor's POST to /wp-admin/post.php and the REST API's /wp-json/wp/v2/posts) for a '[mdf_select_title' shortcode whose meta_key attribute contains quotes, comment markers or SQL keywords; a rule that only looks for a top-level meta_key request parameter will not see the payload, which travels inside the post content and may be URL- or HTML-entity-encoded
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for the MDTF version. Any version up to and including 1.3.3.3 is vulnerable.
Check Version:
wp plugin get wp-meta-data-filter-and-taxonomy-filter --field=version (WP-CLI, using the plugin's directory slug rather than its display name) OR read the 'Stable tag' line of wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt
Verify Fix Applied:
Verify MDTF plugin version is 1.3.3.4 or higher in WordPress admin panel.
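As an added example (not code from this page or from the plugin's authors), the following Python checks an installed version against the fixed release. It compares versions as integer tuples rather than strings, so a hypothetical 1.3.3.10 correctly counts as newer than 1.3.3.4, and it accepts either the version string printed by WP-CLI or the text of readme.txt. The readme fragment embedded in it is constructed for the demonstration.

```python
import re
from typing import Optional, Tuple

# First release that carries the fix, per this advisory.
FIXED_VERSION = "1.3.3.4"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.3.3.3' (or '1.3.3.3-beta1') into a tuple of ints.

    Tuple comparison is what makes 1.3.3.10 sort after 1.3.3.4; a plain
    string comparison would get that wrong.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed_version: str) -> bool:
    """True when the installed MDTF version predates the first fixed release."""
    return parse_version(installed_version) < parse_version(FIXED_VERSION)


def stable_tag_from_readme(readme_text: str) -> Optional[str]:
    """Pull the 'Stable tag:' value out of a plugin readme.txt.

    Fallback for hosts where WP-CLI is not available.
    """
    m = re.search(r"^Stable tag:\s*(\S+)", readme_text, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


# Constructed readme.txt fragment for the demonstration; a real file has more headers.
SAMPLE_README = """=== MDTF - Meta Data and Taxonomies Filter ===
Stable tag: 1.3.3.3
"""

if __name__ == "__main__":
    # Typical use: feed in the output of
    #   wp plugin get wp-meta-data-filter-and-taxonomy-filter --field=version
    # or the contents of the plugin's readme.txt.
    tag = stable_tag_from_readme(SAMPLE_README)
    state = "VULNERABLE" if tag and is_vulnerable(tag) else "fixed"
    print(f"readme Stable tag: {tag} -> {state}")
```

Across a fleet, pipe the WP-CLI output of each site into is_vulnerable() rather than eyeballing the admin panel; the function raises on strings it cannot parse instead of silently treating them as safe.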
📡 Detection & Monitoring
Log Indicators:
- In the MySQL general query log (if enabled), the plugin's meta-value query carrying an appended UNION SELECT, SLEEP()/BENCHMARK() call, or comment sequence (--, #, /*) where a plain meta key name should be
- 'WordPress database error' entries in wp-content/debug.log (with WP_DEBUG_LOG enabled) caused by malformed payloads while an attacker tunes the injection
- Posts or drafts whose post_content contains a '[mdf_select_title' shortcode with quotes, comment markers or SQL keywords in its meta_key attribute
Network Indicators:
- POST requests to /wp-admin/post.php or /wp-json/wp/v2/posts from Contributor-level accounts whose body contains '[mdf_select_title' with SQL syntax (possibly URL- or HTML-entity-encoded) in the meta_key attribute
- Repeated preview requests (preview=true) of one draft by a Contributor account, since previewing is how such an account gets the shortcode rendered, and the query executed, without publish rights; time-based payloads also show up as unusually slow responses to those previews
SIEM Query:
source="wordpress.log" AND "mdf_select_title" AND ("UNION" OR "SELECT" OR "SLEEP(" OR "BENCHMARK(" OR "--" OR "#" OR "/*")
Normalise the event (URL-decode and HTML-entity-decode the request body or post content) before matching, and do not alert on "meta_key" by itself: the name appears in a great deal of legitimate WordPress and plugin traffic and log output.
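The database search suggested under the workarounds and the log indicators above come down to the same question: is there an mdf_select_title shortcode anywhere whose meta_key attribute is not a plain meta key name? The following Python is an added example (not code from this page or from the plugin) that answers it over rows exported from wp_posts. It parses shortcode attributes the way WordPress's shortcode_parse_atts() does (double-quoted, single-quoted or bare values), treats any meta_key that is not a simple identifier as suspicious, and reports the SQL-looking tokens it contains for triage. The sample rows are constructed, and the allowlist pattern for a legitimate key name is an assumption you may need to widen for your site.

```python
import re
from typing import Dict, List

# WordPress shortcode syntax: [mdf_select_title attr="value" attr2='value' attr3=value]
SHORTCODE_RE = re.compile(r"\[mdf_select_title\b([^\]]*)\]", re.IGNORECASE)

# Attribute parsing modelled on WordPress's shortcode_parse_atts():
# double-quoted, single-quoted, or bare values.
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""")

# Assumption: a legitimate post-meta key is a plain identifier (letters, digits,
# underscore, hyphen, dot). Anything else has no business in a meta_key attribute.
SAFE_META_KEY_RE = re.compile(r"^[\w\-.]+$")

# Tokens reported to explain *why* a value looks like an injection payload.
# They are for triage only; the decision is made by the allowlist above.
SQL_TOKEN_RE = re.compile(
    r"--|#|/\*|;|['\"`\\]|\b(?:union|select|from|where|sleep|benchmark|or|and)\b",
    re.IGNORECASE,
)


def parse_attrs(attr_text: str) -> Dict[str, str]:
    """Parse the attribute part of a shortcode into a name -> value dict."""
    attrs: Dict[str, str] = {}
    for m in ATTR_RE.finditer(attr_text):
        name = m.group(1).lower()
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[name] = value
    return attrs


def inspect_meta_key(value: str) -> List[str]:
    """Return the SQL-looking tokens in a meta_key value; an empty list means it looks benign."""
    if SAFE_META_KEY_RE.fullmatch(value):
        return []
    tokens = sorted({t.upper() for t in SQL_TOKEN_RE.findall(value)})
    return tokens or ["NON-IDENTIFIER CHARACTERS"]


def scan_posts(posts: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Scan rows with ID, post_author and post_content (e.g. exported from wp_posts).

    Returns one finding per mdf_select_title shortcode whose meta_key is not a
    plain identifier, with the author so the account can be reviewed.
    """
    findings: List[Dict[str, object]] = []
    for post in posts:
        for sc in SHORTCODE_RE.finditer(post["post_content"]):
            meta_key = parse_attrs(sc.group(1)).get("meta_key")
            if meta_key is None:
                continue
            tokens = inspect_meta_key(meta_key)
            if tokens:
                findings.append({
                    "post_id": post["ID"],
                    "author": post["post_author"],
                    "meta_key": meta_key,
                    "sql_tokens": tokens,
                    "shortcode": sc.group(0),
                })
    return findings


# Constructed wp_posts rows for the demonstration: one legitimate use of the
# shortcode, two injection-style payloads, and a post without the shortcode.
SAMPLE_POSTS = [
    {"ID": "101", "post_author": "2",
     "post_content": 'Filter by colour: [mdf_select_title meta_key="color" title="Colour"]'},
    {"ID": "102", "post_author": "7",
     "post_content": "[mdf_select_title meta_key=\"color' UNION SELECT user_login,user_pass FROM wp_users-- \"]"},
    {"ID": "103", "post_author": "7",
     "post_content": "[mdf_select_title meta_key='x\" OR SLEEP(5)#' title=t]"},
    {"ID": "104", "post_author": "3",
     "post_content": 'No filter shortcode here, only [gallery ids="1,2"].'},
]

if __name__ == "__main__":
    for f in scan_posts(SAMPLE_POSTS):
        print(f"post {f['post_id']} (author {f['author']}): "
              f"meta_key={f['meta_key']!r} tokens={f['sql_tokens']}")
```

Run the same scan over post_excerpt and the text-widget options, and over REST API request bodies if your logging captures them (decode them first). An identifier allowlist is deliberately stricter than a keyword blocklist: keyword matching misses payloads that use encoding or alternative syntax, whereas a key name that is not an identifier is worth a look regardless of what it contains.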
🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3153150%40wp-meta-data-filter-and-taxonomy-filter&new=3153150%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8f50812a-c6a7-4bb3-9833-e10acd0460c0?source=cve