cleantalk
Vulnerabilities and Security Researches

WordPress Tag and Category Manager – AI Autotagger, CVE-2023-2170

CVE, Research URL

CVE-2023-2170

Home page URL

Security reports for WordPress Tag and Category Manager – AI Autotagger

Application

WordPress Tag and Category Manager – AI Autotagger

Published on
Apr 19, 2023
Research Description
The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.4.5.
Status
vulnerable
Previous vulnerability researches
WordPress Tag and Category Manager – AI Autotagger (CVE-2021-24444) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2168) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2170) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2024-2830) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2169) , Jun 06, 2024
New vulnerability
BMI Adult & Kid Calculator (CVE-2025-47618) , May 12, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025