CVE-2026-54845

CVE-2026-54845 : Unauthenticated Local File Inclusion in the WordPress MDTF plugin (versions <= 1.3.8). The vulnerability affects the MDTF component of the WordPress plugin, enabling unauthorized access to local files. Root cause: Local File Inclusion in MDTF <= 1.3.8. Exploitation details ...

CVE-2026-54845 WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

WordPress MDTF plugin <= 1.3.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Roll in WordPress Plugin MDTF versions = 1.3.7...

CVE-2025-62964 WordPress MDTF plugin <= 1.3.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.6...

CVE-2025-49907 WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.3.9...

CVE-2025-49907 WordPress MDTF plugin <= 1.3.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MDTF: from n/a through = 1.3.3.9...

CVE-2024-50451

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through = 1.3.3.4...

WordPress MDTF plugin <= 1.3.3.3 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin MDTF versions = 1.3.3.3...

WordPress MDTF plugin <= 1.3.3.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Krzysztof Zając in WordPress Plugin MDTF versions = 1.3.3.3...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3 is vulnerable to Broken Access Control

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3 Fixed in 1.3.3.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32818 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5f547c0fe34d...

WordPress WordPress Meta Data and Taxonomies Filter (MDTF) Plugin <= 1.3.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WordPress Meta Data and Taxonomies Filter MDTF Type Plugin Vulnerable versions = 1.3.3.1 Fixed in 1.3.3.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30457 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...

CVE-2024-29763 WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter MDTF allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter MDTF: from n/a through 1.3.3...

CVE-2024-29906

Technical details about CVE-2024-29906 are not provided in the connected documents. Public details appear limited to general description; monitor for updates from vendors/security researchers.