CVE-2024-50451: 
WordPress vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in the WordPress Meta Data and Taxonomies Filter (MDTF) plugin affecting versions up to 1.3.3.4. The vulnerability was reported on September 23, 2024, and publicly disclosed on October 24, 2024. This security issue has been assigned CVE-2024-50451 (Patchstack).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79). It received a CVSS v3.1 base score of 5.4 (Medium) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Patchstack assigned it a slightly higher score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow a malicious actor to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the website. These injected scripts would be executed when visitors access the affected site (Patchstack).

The vulnerability has been patched in version 1.3.3.5 of the WordPress Meta Data and Taxonomies Filter plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins as an additional security measure (Patchstack).