2 matches found
CVE-2025-13354 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...
CVE-2025-13354
The CVE-2025-13354 entry concerns the Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress (TaxoPress). Affected versions up to 3.40.1 are vulnerable to an authorization bypass in the taxopress_merge_terms_batch function, allowing authenticated attackers with subsc...