CVE-2024-9588 in Category and Taxonomy Meta Fields Plugin
Summary
by MITRE • 10/22/2024
The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, granted they can trick a site administrator into performing an action such as clicking on a link.
Analysis
by VulDB Data Team • 03/03/2025
The Category and Taxonomy Meta Fields plugin for WordPress presents a critical cross-site request forgery vulnerability identified as CVE-2024-9588, affecting versions up to and including 1.0.0. The vulnerability stems from inadequate security controls within the plugin's administrative interface, specifically in the 'wpaft_option_page' function that handles taxonomy meta field operations. The flaw poses a significant risk to WordPress installations because it allows unauthenticated attackers to manipulate taxonomy metadata through maliciously crafted requests that are triggered when an administrator interacts with an attacker-controlled link or page. The weakness is classified as CWE-352 (Cross-Site Request Forgery), which covers flaws that let a victim's browser perform unauthorized actions on a trusted site through forged requests.
Technically, the vulnerability arises because the plugin fails to validate nonce tokens while processing taxonomy meta operations in the administrative dashboard. A WordPress nonce is a request-bound token that ties a submitted form to the administrator's own session and to a specific intended action; checking it ensures that a state-changing request actually originated from the plugin's admin screen rather than from a page the attacker controls. When that check is absent or incorrectly implemented, an attacker can craft a request that, when a logged-in administrator's browser submits it, results in unauthorized modifications to taxonomy meta fields. In this case the affected code manages category and taxonomy metadata, so the attacker can add or delete taxonomy meta entries, which could disrupt site functionality or be leveraged for further attacks.
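To make the missing check concrete, the following is an added, hypothetical WordPress options-page handler (not the plugin's own code; all function and field names are assumed) that shows the weak pattern the analysis describes beside a hardened form using a capability check and an action-bound nonce:

```php
<?php
// Added example, not code from the plugin: a hypothetical options page that
// updates term (taxonomy) meta. Names such as example_option_page_* are assumed.

// WEAK: acts on the POST body with no proof that the request came from this
// admin screen, so any page the administrator's browser submits to it is accepted.
function example_option_page_weak() {
    if ( isset( $_POST['term_id'], $_POST['meta_key'] ) ) {
        update_term_meta(
            absint( $_POST['term_id'] ),
            sanitize_key( $_POST['meta_key'] ),
            sanitize_text_field( wp_unslash( $_POST['meta_value'] ?? '' ) )
        );
    }
    // form rendering omitted
}

// HARDENED: require the capability and a nonce bound to the specific action.
function example_option_page_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example' ) );
    }
    if ( isset( $_POST['example_action'] ) ) {
        // check_admin_referer() verifies $_REQUEST['_example_nonce'] against the
        // action 'example_save_term_meta' and stops with an error on failure.
        check_admin_referer( 'example_save_term_meta', '_example_nonce' );
        $term_id  = absint( $_POST['term_id'] ?? 0 );
        $meta_key = sanitize_key( $_POST['meta_key'] ?? '' );
        if ( $term_id && $meta_key ) {
            if ( 'delete' === $_POST['example_action'] ) {
                delete_term_meta( $term_id, $meta_key );
            } else {
                $value = sanitize_text_field( wp_unslash( $_POST['meta_value'] ?? '' ) );
                update_term_meta( $term_id, $meta_key, $value );
            }
        }
    }
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_term_meta', '_example_nonce' ); ?>
        <input type="number" name="term_id">
        <input type="text" name="meta_key">
        <input type="text" name="meta_value">
        <button name="example_action" value="save">Save</button>
        <button name="example_action" value="delete">Delete</button>
    </form>
    <?php
}
```

The nonce is only a CSRF control when it is paired with the capability check: the nonce proves the form came from the plugin's own screen, and current_user_can() proves the submitting user is allowed to change term meta at all.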
The operational impact of CVE-2024-9588 extends beyond simple data manipulation as it provides attackers with the capability to alter fundamental site metadata structures that WordPress relies upon for content organization and display. Administrators who fall victim to this CSRF attack could unknowingly have taxonomy meta fields modified, potentially leading to broken navigation, incorrect categorization of content, or even site functionality degradation. The vulnerability's exploitation requires social engineering elements as attackers must convince administrators to click malicious links, but once successful, the impact can be substantial as taxonomy metadata directly influences how content is organized and presented to users. This attack vector aligns with the attack technique T1566 in the ATT&CK framework, specifically targeting the initial access phase through social engineering to execute unauthorized administrative actions.
Organizations using the affected plugin version should immediately implement mitigations including upgrading to the latest available version that addresses the nonce validation issue, implementing additional administrative security measures such as two-factor authentication, and conducting thorough security audits of their WordPress installations. The vulnerability demonstrates the critical importance of proper input validation and nonce implementation in administrative interfaces, as highlighted by security best practices in both the OWASP Top Ten and NIST cybersecurity guidelines. Additionally, administrators should consider implementing web application firewalls that can detect and block suspicious administrative requests, and regularly monitor their sites for unauthorized modifications to taxonomy metadata. The vulnerability serves as a reminder of the necessity for comprehensive security testing of WordPress plugins, particularly those that modify core site functionality through administrative interfaces.