cleantalk
Vulnerabilities and Security Researches

WordPress Tag and Category Manager – AI Autotagger, CVE-2025-13354

CVE, Research URL

CVE-2025-13354

Home page URL

Security reports for WordPress Tag and Category Manager – AI Autotagger

Application

WordPress Tag and Category Manager – AI Autotagger

Published on
Dec 03, 2025
Research Description
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "taxopress_merge_terms_batch" function. This makes it possible for authenticated attackers, with subscriber level access and above, to merge or delete arbitrary taxonomy terms.
Affected versions
max 3.41.0.
Status
vulnerable
Previous vulnerability researches
Magento 2 WordPress Integration (CVE-2025-58669) , Oct 11, 2025
New vulnerability
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2025-13692) , Dec 11, 2025
Search Exclude (CVE-2025-10646) , Dec 11, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-12878) , Dec 11, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-66067) , Dec 11, 2025
WP Social Ninja – Best Social Feed, Reviews Plugin for WordPress (Google Reviews, Photo Feeds, Chat & More) (CVE-2025-13007) , Dec 11, 2025