Mdtf
A DOM-Based Cross-Site Scripting (XSS) vulnerability exists in the RealMag777 MDTF (Meta Data Filter and Taxonomy Filter) WordPress plugin affecting versions up to and including 1.3.5. An authenticated attacker with low privileges can inject malicious scripts that execute in the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions. The vulnerability requires user interaction (UI:R) and is classified as moderate severity (CVSS 6.5), though its exploitability depends on plugin popularity and whether public proof-of-concept code becomes available.