4 matches found
CVE-2025-14371
CVE-2025-14371: TaxoPress’s Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI (WordPress) is vulnerable due to a missing authorization check in the taxopress_ai_add_post_term function. This allows authenticated users with Contributor-level access and above to add or remove taxonomy...
CVE-2024-4199
CVE-2024-4199 concerns the Bulk Posts Editing For WordPress plugin (all versions up to 4.2.3) with a missing capability check on AJAX actions, allowing authenticated users with subscriber+ privileges to invoke plugin functions. The Wordfence entry states unauthorized access could enable post crea...
CVE-2024-4199 Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...
PT-2024-29678 · WordPress · Bulk Posts Editing For WordPress
Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3
Description: The issue is related to a missing capability check on the plugin's AJAX actions. This allows authenticated attackers with subscriber acces...