CVE-2024-50450— WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-50450
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Bypass Vulnerability vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Control of Generation of Code ('Code Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Code Injection.This issue affects MDTF: from n/a through <= 1.3.3.4.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin WordPress Meta Data and Taxonomies Filter 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WordPress Meta Data and Taxonomies Filter 1.3.3.4版本及之前版本存在代码注入漏洞,该漏洞源于代码生成控制不当,导致代码注入漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| RealMag777 | MDTF | 0 ~ 1.3.3.4 | - |
II. Public POCs for CVE-2024-50450
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution | https://github.com/RandomRobbieBF/CVE-2024-50450 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-50450
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: MDTF
- CVE-2026-32455
WordPress MDTF plugin <= 1.3.5 - Cross Site Scripting (XSS) - CVE-2025-62964
WordPress MDTF plugin <= 1.3.6 - Broken Access Control vulne - CVE-2025-62069
WordPress MDTF plugin <= 1.3.3.8 - Cross Site Scripting (XSS - CVE-2025-49907
WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vul - CVE-2025-54707
WordPress MDTF Plugin <= 1.3.3.7 - SQL Injection Vulnerabili
Same vendor: RealMag777
- CVE-2026-1672
BEAR – Bulk Editor and Products Manager Professional for Woo - CVE-2026-1673
BEAR – Bulk Editor and Products Manager Professional for Woo - CVE-2026-39497
WordPress FOX plugin <= 1.4.5 - SQL Injection vulnerability - CVE-2026-39501
WordPress FOX plugin <= 1.4.5 - Broken Access Control vulner - CVE-2026-3513
TableOn – WordPress Posts Table Filterable <= 1.0.4.4 - Auth
Same weakness: CWE-94
- CVE-2021-47939
Evolution CMS 3.1.6 Authenticated Remote Code Execution via - CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution via Autotasks - CVE-2021-47935
Sentry 8.2.0 Remote Code Execution via Pickle Deserializatio - CVE-2022-50944
Aero CMS 0.0.1 PHP Code Injection via posts.php - CVE-2026-8211
codelibs Fess JSP File AdminDesignAction.java update code in
V. Comments for CVE-2024-50450
No comments yet