CVE-2025-62964: Missing Authorization in RealMag777 MDTF
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MDTF: from n/a through <= 1.3.4.
AI Analysis
Technical Summary
CVE-2025-62964 identifies a Missing Authorization vulnerability in the RealMag777 MDTF WordPress plugin, specifically versions up to and including 1.3.4. MDTF is a plugin that provides meta-data filtering and taxonomy filtering capabilities within WordPress environments, often used to enhance content categorization and search functionality. The vulnerability arises from incorrectly configured access control mechanisms, allowing unauthorized users to bypass authorization checks. This means that attackers could potentially access or manipulate metadata filters or taxonomy filters without proper permissions, leading to unauthorized data exposure or modification. The vulnerability does not require authentication or user interaction, increasing the risk of exploitation. Although no known exploits are currently reported in the wild, the lack of a patch and the nature of the flaw present a significant risk. The absence of a CVSS score complicates severity assessment, but the potential impact on confidentiality and integrity of site data is considerable. The plugin is widely used in WordPress environments, which are prevalent across many European organizations, especially in sectors relying heavily on content management systems. The vulnerability was reserved and published in late October 2025, with no patch links available at this time, indicating that mitigation is currently limited to workarounds and access restrictions. Organizations using MDTF should monitor for updates and prepare to apply patches promptly once released.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to unauthorized access to sensitive content metadata and taxonomy configurations, potentially exposing confidential information or allowing attackers to alter site content categorization. This could degrade the integrity of content management systems, disrupt user experience, and damage organizational reputation. E-commerce platforms, media companies, and public sector websites relying on MDTF for filtering and taxonomy are particularly at risk. Unauthorized manipulation could also facilitate further attacks, such as privilege escalation or data exfiltration. The lack of authentication requirements and ease of exploitation increase the threat level. Additionally, regulatory compliance risks arise if personal or sensitive data is exposed, potentially leading to GDPR violations and associated penalties. The impact on availability is less direct but could occur if attackers disrupt filtering functionality, affecting site usability.
Mitigation Recommendations
European organizations should immediately audit their WordPress environments to identify MDTF plugin installations and versions. Until a patch is available, restrict access to WordPress administrative interfaces and MDTF-specific functionalities to trusted users only, employing strict role-based access controls. Implement web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting MDTF endpoints. Monitor logs for unusual access patterns or unauthorized attempts to manipulate metadata or taxonomy filters. Consider temporarily disabling the MDTF plugin if it is not critical to operations. Stay informed through vendor and security community channels for patch releases and apply updates promptly. Additionally, conduct regular security assessments of WordPress plugins and maintain an inventory to quickly respond to emerging vulnerabilities. Educate site administrators on the risks and signs of exploitation related to this vulnerability.
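The first recommendation above is an inventory step: find every WordPress install that carries the MDTF plugin and decide whether its version falls in the affected range (anything up to and including 1.3.4). The script below is an added example written for this page, not code from the plugin vendor or from the advisory source. It assumes WP-CLI is installed on the host and that `wp plugin list --format=json` is used to obtain the inventory; the JSON sample embedded in the script is constructed to match that output shape and does not come from a real site. The version comparison is done numerically rather than by string comparison, so that "1.10.0" is correctly treated as newer than "1.3.4".

```python
import json
import re
import subprocess
from typing import List, Tuple

# Values taken from the advisory: the plugin slug and the highest affected version.
AFFECTED_SLUG = "wp-meta-data-filter-and-taxonomy-filter"
MAX_AFFECTED_VERSION = "1.3.4"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.3.4' (or '1.3.4-beta') into a tuple of ints that compares numerically.

    Non-numeric suffixes are dropped and the tuple is padded to three components,
    so '1.3' compares equal to '1.3.0'. Plain string comparison would wrongly rank
    '1.10.0' below '1.3.4'.
    """
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str, max_affected: str = MAX_AFFECTED_VERSION) -> bool:
    """True when the installed version is within the affected range (<= max_affected)."""
    return parse_version(version) <= parse_version(max_affected)


def affected_plugins(plugin_list_json: str,
                     slug: str = AFFECTED_SLUG,
                     max_affected: str = MAX_AFFECTED_VERSION) -> List[dict]:
    """Filter `wp plugin list --format=json` output down to affected MDTF installs.

    Inactive copies are still reported: the plugin code stays on disk and can be
    re-enabled, so an inventory should list them too.
    """
    hits = []
    for entry in json.loads(plugin_list_json):
        if entry.get("name") != slug:
            continue
        if is_affected(entry.get("version", "0"), max_affected):
            hits.append(entry)
    return hits


def wp_plugin_list(site_path: str) -> str:
    """Fetch the plugin inventory of one site via WP-CLI (assumes `wp` is on PATH).

    Not called by the stand-alone demo below; wire it to your list of site roots.
    """
    result = subprocess.run(
        ["wp", "plugin", "list", "--format=json", f"--path={site_path}"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


# Constructed sample in the shape WP-CLI emits; not captured from any real site.
SAMPLE_INVENTORY = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "wp-meta-data-filter-and-taxonomy-filter", "status": "active",
     "update": "none", "version": "1.3.4"},
])


if __name__ == "__main__":
    for hit in affected_plugins(SAMPLE_INVENTORY):
        print(f"AFFECTED: {hit['name']} {hit['version']} (status: {hit['status']})")
```

To run this against a fleet, replace `SAMPLE_INVENTORY` with the output of `wp_plugin_list()` for each site root you manage and feed the hits into the ticketing or patch-tracking process, so that the "apply updates promptly once released" step has a ready list of hosts.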
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-10-24T14:25:01.200Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68fed03423a7bbed324acc79
Added to database: 10/27/2025, 1:51:48 AM
Last enriched: 10/27/2025, 2:12:05 AM
Last updated: 10/30/2025, 2:49:39 AM
Related Threats
- CVE-2025-62257: CWE-307 Improper Restriction of Excessive Authentication Attempts in Liferay Portal (Medium)
- CVE-2025-9954: CWE-862 Missing Authorization in Drupal Acquia DAM (Unknown)
- CVE-2025-12466: CWE-288 Authentication Bypass Using an Alternate Path or Channel in Drupal Simple OAuth (OAuth2) & OpenID Connect (Unknown)
- CVE-2025-12083: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal CivicTheme Design System (Unknown)
- CVE-2025-12082: CWE-863 Incorrect Authorization in Drupal CivicTheme Design System (Unknown)