Impact
This vulnerability is a missing authorization flaw that permits attackers to gain unauthorized access to protected functionality within the RealMag777 MDTF WordPress plugin. The flaw is classified as CWE-862 (Missing Authorization) and arises from incorrectly configured access control security levels. Because the plugin exposes endpoints that can be used without proper privilege checks, an attacker who can send crafted requests to the plugin may retrieve or manipulate data that should be restricted.
Affected Systems
RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter versions up to 1.3.3.9 are affected. The vulnerability applies broadly to installations that have not upgraded beyond this version. Because the product is a WordPress plugin, any site running a vulnerable instance is at risk until the issue is mitigated.
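An inventory check for the affected range stated above, as an added example (not code from the advisory or the plugin). It assumes the standard `wp-content/plugins/<slug>` layout and reads the `Version:` header the way WordPress does, from the first 8 KiB of the plugin's main file; the sample header is constructed.

```python
import re
from pathlib import Path

SLUG = "wp-meta-data-filter-and-taxonomy-filter"  # plugin slug from the advisory
LAST_AFFECTED = (1, 3, 3, 9)                      # "versions up to 1.3.3.9"

# Constructed sample of a plugin main-file header (plugin title is illustrative).
SAMPLE_HEADER = "<?php\n/*\n * Plugin Name: MDTF\n * Version: 1.3.3.8\n */\n"

def parse_version(text):
    """Turn '1.3.3.9' into (1, 3, 3, 9); stop at the first non-numeric part."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def header_version(php_source):
    """Return the Version header of a plugin main file, or None."""
    head = php_source[:8192]  # WordPress only scans the first 8 KiB
    if not re.search(r"^[ \t/*#@]*Plugin Name:", head, re.M | re.I):
        return None  # not the main file: no plugin header present
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.M | re.I)
    return m.group(1) if m else None

def is_affected(version):
    """True if version <= 1.3.3.9. Unparseable versions count as affected."""
    v = parse_version(version)
    v = v + (0,) * (len(LAST_AFFECTED) - len(v))  # '1.3.3' compares as 1.3.3.0
    return v <= LAST_AFFECTED

def check_site(wp_root):
    """Return (version, affected) for the plugin under wp_root, or None."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        version = header_version(php.read_text(errors="replace"))
        if version:
            return version, is_affected(version)
    return None

if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        print(root, check_site(root))
```

A result of `None` means the plugin directory or its header was not found under that WordPress root, not that the site was checked and cleared.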
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% implies a low probability of exploitation at this time. The flaw is not listed in the CISA KEV catalog. Exploitation requires only the ability to send requests to the plugin; no privilege escalation beyond the user’s existing role is necessary once the unauthorized access is achieved. The attack vector is inferred to be remote over the internet, via standard HTTP/HTTPS traffic, as the plugin processes requests from the web interface.