GCVE - cpe:2.3:a:pluginus:meta_data_and_taxonomies

Approved changes feed: RSS · Atom

cpe:2.3:a:pluginus:meta_data_and_taxonomies_filter:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Pluginus (`b2d4bfa9-c97b-5f60-91a9-fcfd90546f78`)
Product	Meta Data And Taxonomies Filter (`f519f561-cbc2-5355-ad06-367fa409ad39`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wp-plugins/wp-meta-data-filter-and-taxonomy-filter`	purl2cpe	2026-06-01 10:11:17.007890

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-50451`	vulnerable	2026-06-03 14:57:24.316784	WordPress MDTF – Meta Data and Taxonomies Filter plugin <= 1.3.3.4 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter.This issue affects MDTF: from n/a through <= 1.3.3.4. Published: 2024-10-28T17:53:35.123Z Updated: 2026-05-11T21:19:22.948Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-meta-data-and-taxonomies-filter-plugin-1-3-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13340`	vulnerable	2026-06-03 14:54:24.310957	MDTF – Meta Data and Taxonomies Filter <= 1.3.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (6.4) The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-01-23T11:13:30.092Z Updated: 2026-04-08T17:34:50.790Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/fcaeae5b-4047-4f09-8197-6ce2c21cc812?source=cve https://wordpress.org/plugins/wp-meta-data-filter-and-taxonomy-filter/ https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3226055%40wp-meta-data-filter-and-taxonomy-filter&new=3226055%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3224186%40wp-meta-data-filter-and-taxonomy-filter&new=3224186%40wp-meta-data-filter-and-taxonomy-filter&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Meta Data And Taxonomies Filter

PURL mappings

Vulnerability references

Contribute