CVE-2026-54843

PluginUs.Net · MDTF

The MDTF plugin for WordPress contains an unauthenticated SQL injection vulnerability in versions 1.3.7 and earlier, allowing remote attackers to execute arbitrary database commands.

Executive summary

An unauthenticated SQL injection vulnerability in the MDTF plugin enables remote attackers to execute arbitrary database queries, risking full site compromise and sensitive data exposure.

Vulnerability

This is a classic SQL injection vulnerability where the application fails to properly sanitize user-supplied input before including it in database queries. Because it is unauthenticated, any remote attacker can interact with the database without needing valid credentials.
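The following is an added illustration of the defect class the advisory describes, not code from the MDTF plugin (whose source this page does not show). It uses an in-memory SQLite table constructed for the example and contrasts the vulnerable pattern (user input spliced into the SQL string) with the hardened pattern (the value bound as a query parameter), plus the allow-list check needed for identifiers such as sort columns, which cannot be parameterized. In a WordPress plugin the equivalent of the hardened form is `$wpdb->prepare()` with placeholders.

```python
import sqlite3

# Constructed table standing in for a filter plugin's data; it is not
# MDTF's schema, which the advisory does not describe.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER, title TEXT, status TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", [
        (1, "Public post", "publish"),
        (2, "Draft post", "draft"),
        (3, "Private note", "private"),
    ])
    return conn

def filter_unsafe(conn, status):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so a quote in the input changes the query's structure.
    sql = "SELECT id FROM posts WHERE status = '" + status + "'"
    return [row[0] for row in conn.execute(sql)]

def filter_safe(conn, status):
    # Hardened pattern: the value is bound as a parameter and the engine
    # never parses it as SQL, whatever characters it contains.
    sql = "SELECT id FROM posts WHERE status = ?"
    return [row[0] for row in conn.execute(sql, (status,))]

# Identifiers (column names in ORDER BY, table names) cannot be bound as
# parameters, so they must be checked against a fixed allow-list instead.
ALLOWED_SORT_COLUMNS = {"id", "title"}

def is_allowed_sort_column(column):
    return column in ALLOWED_SORT_COLUMNS

def order_by_safe(conn, column):
    if not is_allowed_sort_column(column):
        raise ValueError("unsupported sort column")
    # Safe only because `column` was just validated against the allow-list.
    return [row[0] for row in conn.execute(f"SELECT id FROM posts ORDER BY {column}")]

if __name__ == "__main__":
    db = build_db()
    tainted = "publish' OR '1'='1"
    print("unsafe:", filter_unsafe(db, tainted))   # every row, not just published ones
    print("safe:  ", filter_safe(db, tainted))     # no row has that literal status
```

Running the block shows the unsafe query returning all three rows for the tainted value, while the parameterized query returns none, because the database compares the whole string literally instead of interpreting the embedded `OR`.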

Business impact

A CVSS score of 9.3 highlights the extreme severity of this flaw. Successful exploitation allows for unauthorized access to the entire WordPress database, potentially leading to the theft of customer data, administrative account hijacking, or the deployment of malicious content, causing severe reputational and financial damage.

Remediation

Immediate Action: Update the MDTF plugin to the latest available version provided by PluginUs.Net to remediate the SQL injection flaw.

Proactive Monitoring: Inspect database query logs for unusual or long-running queries and monitor for signs of unauthorized data access or administrative account creation.
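As an added example of the query-log review recommended above (not tooling from PluginUs.Net or the advisory's author), the following scanner flags queries that show common injection signatures, that take longer than a threshold, or that write to a users table. The log lines are constructed for the example in a simplified tab-separated layout (`seconds`, `user`, `query`); the layout and the threshold are assumptions, and in practice the parser would be adapted to the database's real slow-query or general-log format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample lines; not MDTF or MySQL output. Layout is an assumption.
SAMPLE_LOG = """\
0.004\twp_app\tSELECT ID FROM wp_posts WHERE post_status = 'publish'
0.006\twp_app\tSELECT ID FROM wp_posts WHERE post_status = 'publish' OR '1'='1'
12.500\twp_app\tSELECT SLEEP(12)
0.009\twp_app\tSELECT user_login,user_pass FROM wp_users UNION SELECT 1,2
0.003\twp_app\tINSERT INTO wp_users (user_login) VALUES ('backdoor-admin')
"""

SLOW_THRESHOLD_SECONDS = 5.0  # assumed threshold for "long-running"

# Each heuristic is paired with the reason reported in the finding.
SUSPICIOUS_PATTERNS = [
    # OR with the same literal on both sides of '=' (e.g. OR '1'='1').
    (re.compile(r"\bOR\s+('?)(\w+)\1\s*=\s*\1\2\1", re.I), "identical-literal tautology"),
    (re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I), "UNION-based query"),
    (re.compile(r"(--|#|/\*)"), "SQL comment sequence"),
    (re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.I), "time-delay function"),
    (re.compile(r"\b(INSERT\s+INTO|UPDATE)\s+\w*users\b", re.I), "write to users table"),
]

@dataclass
class Finding:
    line_no: int
    seconds: float
    query: str
    reasons: list = field(default_factory=list)

def analyze_log(text):
    """Return one Finding per log line that trips a heuristic or the slow threshold."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        secs, _user, query = line.split("\t", 2)
        seconds = float(secs)
        reasons = [why for pattern, why in SUSPICIOUS_PATTERNS if pattern.search(query)]
        if seconds >= SLOW_THRESHOLD_SECONDS:
            reasons.append(f"long-running query ({seconds:.1f}s)")
        if reasons:
            findings.append(Finding(line_no, seconds, query, reasons))
    return findings

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {', '.join(f.reasons)}\n    {f.query}")
```

The tautology check requires the same literal on both sides of the comparison so that ordinary `OR` clauses in legitimate queries are not reported; the users-table rule is what surfaces the administrative-account-creation case the recommendation mentions.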

Compensating Controls: Use a Web Application Firewall (WAF) with established SQL injection rule sets to reduce exposure until the update is applied.

Exploitation status

Public Exploit Available: False

Analyst recommendation

SQL injection is a high-risk vulnerability that requires immediate attention. Security teams must ensure all instances of the MDTF plugin are patched to the latest version to prevent potential remote database compromise.