WordPress Plugin Vulnerabilities

WordPress Meta Data and Taxonomies Filter (MDTF) < 1.3.3.2 - Cross-Site Request Forgery

Description

The WordPress Meta Data and Taxonomies Filter (MDTF) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.3.1. This is due to missing or incorrect nonce validation on the change_meta_key() function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
wp-meta-data-filter-and-taxonomy-filter
Fixed in 1.3.3.2

References

CVE
CVE-2024-30457
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/325298a6-954b-4cf7-a96a-9571cdb0b5a5

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
5a426a51-f29f-48c7-87f3-d46223bb5b4b

Timeline

Publicly Published
2024-03-28 (about 2 years ago)
Added
2024-04-03 (about 2 years ago)
Last Updated
2024-04-03 (about 2 years ago)

Other

Published
Title
Published
2025-06-25
Title
Homerunner < 1.0.31 - Cross-Site Request Forgery to Settings Update
Published
2026-04-30
Title
WP Editor < 1.2.9.3 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor
Published
2022-10-31
Title
Restaurant Menu < 2.3.2 - Multiple CSRF
Published
2025-05-07
Title
WP Fundraising Donation and Crowdfunding Platform < 1.7.4 - Cross-Site Request Forgery
Published
2014-12-18
Title
Gslideshow <= 0.1 - Multiple CSRF