Skip to main content

MDTF Plugin CVE-2026-54843

| EUVDEUVD-2026-39370 CRITICAL
SQL Injection (CWE-89)
2026-06-25 Patchstack GHSA-x48r-vwgp-xc93
9.3
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
vuln.today AI
7.5 HIGH

Unauthenticated network SQLi (AV:N/AC:L/PR:N/UI:N) primarily enables database read (C:H); I/A left N absent evidence of write/DoS, and S:U since impact stays within the same database authority.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 25, 2026 - 14:19 vuln.today

DescriptionCVE.org

Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.

AnalysisAI

SQL injection in the WordPress "Meta Data Filter & Taxonomy Filter" (MDTF) plugin by pluginus.net affects all versions up to and including 1.3.7, allowing remote attackers to inject arbitrary SQL into backend queries without authentication. Per the provided CVSS vector (PR:N), exploitation requires no login, and the high CVSS base score of 9.3 reflects network reachability plus a scope change. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify site running MDTF ≤1.3.7
Delivery
Send crafted filter HTTP request
Exploit
Inject SQL via filter parameter
Execution
Database executes attacker query
Impact
Exfiltrate credentials and sensitive data

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target WordPress site has the MDTF (Meta Data Filter & Taxonomy Filter) plugin version 1.3.7 or earlier installed and active, with at least one front-end filter endpoint reachable over the network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied signals are partly consistent and partly thin: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates a network-reachable, low-complexity, unauthenticated attack, which is the worst-case profile for a SQLi and aligns with the 9.3 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted HTTP request to a public page that invokes the MDTF filter, injecting malicious SQL into a vulnerable filter parameter to extract sensitive data such as user credentials or session/option secrets from the WordPress database. Given AV:N and AC:L, this can be automated at scale against any internet-exposed site running MDTF; no public exploit code has been identified at time of analysis, but unauthenticated SQLi of this class is straightforward to reproduce.
Remediation No vendor-released patch version was identified in the available data, so confirm the latest release on the plugin page and upgrade to any version newer than 1.3.7 as soon as the vendor publishes a fix (consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-plugin-1-3-7-sql-injection-vulnerability?_s_id=cve for fix tracking). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all WordPress installations to identify if MDTF plugin is installed and its version; document affected sites and their criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54843 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy