cleantalk
Vulnerabilities and Security Researches

WordPress Tag and Category Manager – AI Autotagger, CVE-2025-0627

CVE, Research URL

CVE-2025-0627

Home page URL

Security reports for WordPress Tag and Category Manager – AI Autotagger

Application

WordPress Tag and Category Manager – AI Autotagger

Published on
Apr 28, 2025
Research Description
The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 3.30.0.
Status
vulnerable
Previous vulnerability researches
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
New vulnerability
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025