Lucene search
WpvulndbWPEX-ID:23412462-005F-45B5-9C7A-6473B7FA3AC7HistoryMar 22, 2023 - 12:00 a.m.
MDTF < 1.3.1 - Reflected XSS
2023-03-2200:00:00
wpvulndb
50
mdtf version 1.3.1
reflected xss
admin
https
admin-ajax.php
0.001 Low
EPSS
Percentile
23.3%
The plugin does not sanitise and escape the tax_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Make a logged in admin open https://example.com/wp-admin/admin-ajax.php?action=mdf_get_tax_options_in_widget&tax_name=<svg/onload=alert(1)>Related
prion
prion
Cross site scripting
2023-03-22 21:15:00
cvelist
cvelist
CVE-2023-28664
2023-03-22 00:00:00
wpvulndb
wpvulndb
MDTF < 1.3.1 - Reflected XSS
2023-03-22 00:00:00
nvd
nvd
CVE-2023-28664
2023-03-22 21:15:19
cve
cve
CVE-2023-28664
2023-03-22 21:15:19
openvas
openvas
WordPress Meta Data and Taxonomies Filter Plugin < 1.3.1 XSS Vulnerability
2023-08-29 00:00:00
wordfence
wordfence