CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/01/06 7:22 a.m.•1 views

CVE-2025-14371 TaxoPress <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification

4.3CVSS4.7AI score0.00045EPSS

Cvelist•added 2026/01/06 7:22 a.m.•28 views

CVE-2025-14371 TaxoPress <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag Modification

4.3CVSS0.00045EPSS

CNNVD•added 2026/01/06 12:0 a.m.•0 views

WordPress plugin Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Tag...

4.3CVSS6.3AI score0.00045EPSS

Positive Technologies•added 2026/01/06 12:0 a.m.•1 views

PT-2026-1421

Name of the Vulnerable Software and Affected Versions The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress versions through 3.41.0 Description The software contains a flaw that allows unauthorized modification of data. Specifically, a missing capability check...

4.3CVSS6.2AI score0.00045EPSS

Exploits0References6

NVD•added 2025/12/06 5:16 a.m.•1 views

CVE-2025-13922

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existingtermsorderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on...

6.5CVSS0.00029EPSS

Cvelist•added 2025/12/06 4:37 a.m.•13 views

CVE-2025-13922 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause

6.5CVSS0.00029EPSS

OSV•added 2025/12/03 2:15 p.m.•2 views

CVE-2025-13359

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of...

6.5CVSS6.5AI score

NVD•added 2025/12/03 2:15 p.m.•2 views

CVE-2025-13354

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

4.3CVSS0.00036EPSS

Cvelist•added 2025/12/03 1:52 p.m.•9 views

CVE-2025-13359 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection

6.5CVSS0.00028EPSS

Vulnrichment•added 2025/12/03 1:52 p.m.•3 views

CVE-2025-13359 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection

6.5CVSS6.2AI score0.00028EPSS

EUVD•added 2025/12/03 1:52 p.m.•2 views

EUVD-2025-200977

6.5CVSS6.1AI score0.00028EPSS

CVE•added 2025/12/03 1:52 p.m.•8 views

CVE-2025-13359

The CVE concerns WordPress Tag, Category, and Taxonomy Manager (AI Autotagger) by TaxoPress. A time-based SQL Injection exists in getTermsForAjax in all versions up to 3.40.1 due to insufficient escaping and query preparation, enabling authenticated attackers with contributor-level access (and me...

6.5CVSS6.2AI score0.00028EPSS

Exploits0References2Affected Software1

CVE•added 2025/12/03 1:52 p.m.•5 views

CVE-2025-13354

The CVE-2025-13354 entry concerns the Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress (TaxoPress). Affected versions up to 3.40.1 are vulnerable to an authorization bypass in the taxopress_merge_terms_batch function, allowing authenticated attackers with subsc...

4.3CVSS5.6AI score0.00036EPSS

Exploits0References2Affected Software1

OSV•added 2025/11/08 4:15 a.m.•3 views

CVE-2025-11972

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'posttypes' parameter in all versions up to, and including, 3.40.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS6.6AI score

Cvelist•added 2025/11/08 3:27 a.m.•7 views

CVE-2025-11972 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.0 - Authenticated (Editor+) SQL Injection

4.9CVSS0.00031EPSS

CVE•added 2025/11/08 3:27 a.m.•9 views

CVE-2025-11972

The CVE-2025-11972 issue affects the WordPress plugin Tag, Category, and Taxonomy Manager – AI Autotagger (TaxoPress) for WordPress, specifically versions up to and including 3.40.0. The root cause is insufficient escaping and inadequate preparation of the existing SQL query when handling the pos...

4.9CVSS6.2AI score0.00031EPSS

Vulnrichment•added 2025/11/08 3:27 a.m.•1 views

CVE-2025-11972 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.0 - Authenticated (Editor+) SQL Injection

4.9CVSS5.9AI score0.00031EPSS

CNNVD•added 2025/11/08 12:0 a.m.•1 views

WordPress plugin Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... WordPress...

4.9CVSS7.5AI score0.00031EPSS