Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Unauthenticated network SQLi (AV:N/AC:L/PR:N/UI:N) primarily enables database read (C:H); I/A left N absent evidence of write/DoS, and S:U since impact stays within the same database authority.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.
AnalysisAI
SQL injection in the WordPress "Meta Data Filter & Taxonomy Filter" (MDTF) plugin by pluginus.net affects all versions up to and including 1.3.7, allowing remote attackers to inject arbitrary SQL into backend queries without authentication. Per the provided CVSS vector (PR:N), exploitation requires no login, and the high CVSS base score of 9.3 reflects network reachability plus a scope change. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target WordPress site has the MDTF (Meta Data Filter & Taxonomy Filter) plugin version 1.3.7 or earlier installed and active, with at least one front-end filter endpoint reachable over the network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied signals are partly consistent and partly thin: the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates a network-reachable, low-complexity, unauthenticated attack, which is the worst-case profile for a SQLi and aligns with the 9.3 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends a crafted HTTP request to a public page that invokes the MDTF filter, injecting malicious SQL into a vulnerable filter parameter to extract sensitive data such as user credentials or session/option secrets from the WordPress database. Given AV:N and AC:L, this can be automated at scale against any internet-exposed site running MDTF; no public exploit code has been identified at time of analysis, but unauthenticated SQLi of this class is straightforward to reproduce. |
| Remediation | No vendor-released patch version was identified in the available data, so confirm the latest release on the plugin page and upgrade to any version newer than 1.3.7 as soon as the vendor publishes a fix (consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-plugin-1-3-7-sql-injection-vulnerability?_s_id=cve for fix tracking). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all WordPress installations to identify if MDTF plugin is installed and its version; document affected sites and their criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Unauthenticated local file inclusion in the WordPress 'Meta Data and Taxonomy Filter' (MDTF) plugin by pluginus.net affe
A DOM-Based Cross-Site Scripting (XSS) vulnerability exists in the RealMag777 MDTF (Meta Data Filter and Taxonomy Filter
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39370
GHSA-x48r-vwgp-xc93