Missing Authorization Vulnerability Affects WordPress MDTF
CVE-2024-32818

4.3MEDIUM

What is CVE-2024-32818?

A missing authorization vulnerability has been identified in the realmag777 Meta Data and Taxonomies Filter (MDTF) plugin for WordPress. This flaw allows unauthorized access to certain functionalities, potentially enabling attackers to exploit the plugin's features that should be restricted. The vulnerability impacts all versions from the initial release up to 1.3.3, putting sites utilizing this plugin at risk of unauthorized actions within the WordPress environment.

Affected Version(s)

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdi Pranata (Patchstack Alliance)
.