cleantalk
Vulnerabilities and Security Researches

WordPress Tag and Category Manager – AI Autotagger, CVE-2024-2830

CVE, Research URL

CVE-2024-2830

Home page URL

Security reports for WordPress Tag and Category Manager – AI Autotagger

Application

WordPress Tag and Category Manager – AI Autotagger

Published on
Apr 04, 2024
Research Description
The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'st_tag_cloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.20.0.
Status
vulnerable
Previous vulnerability researches
WordPress Tag and Category Manager – AI Autotagger (CVE-2021-24444) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2168) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2170) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2024-2830) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2169) , Jun 06, 2024
New vulnerability
BMI Adult & Kid Calculator (CVE-2025-47618) , May 12, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3876) , May 11, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-3878) , May 11, 2025
WordPress Review Plugin: The Ultimate Solution for Building a Review Website (CVE-2025-2158) , May 11, 2025
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025