CVE-2023-28664

State: PUBLISHED · Published: 2023-03-22 · Updated: 2025-02-25 · Assigner: tenable

Description

The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

n/a / Meta Data and Taxonomies Filter WordPress Plugin — v=< 1.3.1 [affected]

CVSS

(none)

References

https://www.tenable.com/security/research/tra-2023-3

Source

cvelistV5-main/cves/2023/28xxx/CVE-2023-28664.json