CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Description (NVD)
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/a through <= 1.3.6.
Analysis (AI)
Broken access control in the RealMag777 MDTF (WordPress Meta Data Filter and Taxonomy Filter) plugin, versions up to 1.3.6, allows low-privileged authenticated users to bypass authorization controls and access or modify sensitive metadata and taxonomy filter configurations. Although rated CVSS 8.1 (High), real-world exploitation risk remains moderate: EPSS is 0.03% (9th percentile), and no confirmed active exploitation or public exploit code was identified at the time of analysis. This missing-authorization vulnerability was disclosed by Patchstack's security audit team.
Technical Context (AI)
The WordPress MDTF plugin provides metadata and taxonomy filtering capabilities for WordPress sites. The vulnerability stems from CWE-862 (Missing Authorization): the plugin fails to validate user permissions before granting access to privileged operations. Unlike an authentication bypass (CWE-287), this is an authorization flaw; users authenticate successfully, but the application then grants them access to functions beyond their privilege level. The CVSS vector indicates network-accessible exploitation with low attack complexity, requiring only low-privilege authentication (PR:L). The plugin likely exposes administrative API endpoints or AJAX handlers without capability checks through WordPress's current_user_can() function, allowing subscriber- or contributor-level users to perform actions reserved for administrators.
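As an added illustration of the CWE-862 pattern described above (hypothetical code, not the MDTF plugin's own; the action name, option key, nonce name and capability are assumptions), here is a WordPress AJAX handler that saves filter settings with no authorization check, beside a hardened version that verifies a nonce and the caller's capability before acting:

```php
<?php
// Hypothetical example of a missing-authorization (CWE-862) AJAX handler in a
// WordPress plugin. This is NOT code from the MDTF plugin; the action name,
// option key, nonce name and required capability are assumptions.

// VULNERABLE: 'wp_ajax_*' hooks fire for ANY logged-in user, subscribers included.
// Nothing here checks who is calling, so any authenticated account can overwrite
// the plugin's settings. Being logged in is authentication, not authorization.
add_action( 'wp_ajax_example_save_filter_settings', 'example_save_filter_settings_vulnerable' );
function example_save_filter_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : array();
    update_option( 'example_filter_settings', $settings );
    wp_send_json_success();
}

// HARDENED: same operation, but the request must carry a valid nonce (CSRF
// protection) and the caller must hold the capability the action requires.
add_action( 'wp_ajax_example_save_filter_settings_v2', 'example_save_filter_settings_hardened' );
function example_save_filter_settings_hardened() {
    // Rejects (HTTP 403 and die) unless 'nonce' matches one issued to this user.
    check_ajax_referer( 'example_filter_settings_nonce', 'nonce' );

    // Authorization: only users who may manage site options (administrators by
    // default) can change plugin settings. wp_send_json_error() terminates the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $raw = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();

    // Sanitize every leaf value (map_deep handles nested arrays) before persisting.
    $settings = map_deep( $raw, 'sanitize_text_field' );
    update_option( 'example_filter_settings', $settings );
    wp_send_json_success();
}
```

When auditing a plugin for this flaw, look at every wp_ajax_* and REST callback and confirm that a capability check such as current_user_can() runs before any state-changing call, not merely that the user is logged in.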
Affected Products (AI)
WordPress MDTF (wp-meta-data-filter-and-taxonomy-filter) plugin by RealMag777, all versions from an unknown baseline through version 1.3.6 inclusive. The Patchstack advisory specifically references version 1.3.4 as vulnerable, and the CVE description confirms that the vulnerability persists through version 1.3.6. All WordPress installations running any version of this plugin in the affected range are exposed to unauthorized access by low-privileged authenticated users. The vendor advisory and technical details are available at https://patchstack.com/database/Wordpress/Plugin/wp-meta-data-filter-and-taxonomy-filter/vulnerability/wordpress-mdtf-plugin-1-3-4-broken-access-control-vulnerability?_s_id=cve
Remediation (AI)
Upgrade the MDTF plugin to version 1.3.7 or later if available from the WordPress plugin repository or the vendor. Site administrators should verify the currently installed version in the WordPress admin under Plugins and apply available updates immediately. Until patching, implement compensatory controls: disable public user registration if enabled (Settings > General > Membership), audit existing low-privilege user accounts for legitimacy, implement Web Application Firewall rules to monitor for suspicious AJAX requests to plugin endpoints, and consider temporarily deactivating the plugin if metadata filtering functionality is non-critical. Review WordPress user roles and ensure the principle of least privilege is applied. Monitor access logs for unusual activity from subscriber or contributor accounts. Consult the Patchstack advisory for additional mitigation guidance and indicators of compromise. If the vendor has not released version 1.3.7, contact RealMag777 directly or consider migrating to an alternative metadata filtering solution with active security maintenance.