CVE-2024-50450

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 28, 2024 / Updated: 22d ago

CVSS: 9.8 | EPSS: 0.04% | Severity: Critical

Summary

Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF) from an unspecified version through 1.3.3.4.

Impact

This vulnerability has a high severity with a CVSS v3.1 base score of 9.8 out of 10. It allows for remote code execution without requiring user interaction or privileges. The impact on confidentiality, integrity, and availability is high, potentially allowing attackers to execute arbitrary code, modify data, and disrupt services. Given the nature of code injection vulnerabilities, attackers could potentially gain full control over the affected WordPress sites, leading to data theft, defacement, or using the compromised site as a pivot for further attacks.

Exploitation

There is no evidence that a public proof-of-concept exists, and there is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. The vulnerability affects WordPress Meta Data and Taxonomies Filter (MDTF) versions up to and including 1.3.3.4. It is implied that versions 1.3.3.5 and later have addressed this vulnerability.

Mitigation

1. Immediately update the WordPress Meta Data and Taxonomies Filter (MDTF) plugin to version 1.3.3.5 or later if available.
2. If immediate updating is not possible, consider temporarily disabling the MDTF plugin until it can be updated.
3. Implement strong input validation and sanitization practices for all user inputs.
4. Regularly monitor WordPress and plugin updates, and implement a robust patch management process.
5. Use Web Application Firewalls (WAF) to help detect and block code injection attempts.
6. Conduct a thorough security audit of the WordPress installation and all installed plugins to identify and address any other potential vulnerabilities.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-50450. See article

Oct 28, 2024 at 12:05 PM / Vulners.com RSS Feed
CVE Assignment

NVD published the first details for CVE-2024-50450

Oct 28, 2024 at 12:15 PM
CVSS

A CVSS base score of 7.3 has been assigned.

Oct 28, 2024 at 12:20 PM / nvd
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 28, 2024 at 12:21 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 29, 2024 at 9:43 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 29, 2024 at 4:10 PM / nvd

Affected Systems

Pluginus/wordpress_meta_data_and_taxonomies_filter

Attack Patterns

CAPEC-242: Code Injection

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
Update Thu Oct 31 14:35:57 UTC 2024
CVE-2024-50450
High Severity Description Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. Read more at https://www.tenable.com/cve/CVE-2024-50450
NA - CVE-2024-50450 - Improper Control of Generation of Code...
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress...
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability
Realmag777 - HIGH - CVE-2024-50450 Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High
