CVE-2023-28664

Summary

The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user.

Affected Software

VendorProductVersion RangeStatus
n/aMeta Data and Taxonomies Filter WordPress Plugin< 1.3.1affected

Weaknesses

  • Authenticated Reflected Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References