cleantalk
Vulnerabilities and Security Researches

WordPress Tag and Category Manager – AI Autotagger, CVE-2025-14371

CVE, Research URL

CVE-2025-14371

Home page URL

Security reports for WordPress Tag and Category Manager – AI Autotagger

Application

WordPress Tag and Category Manager – AI Autotagger

Published on
Jan 06, 2026
Research Description
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the taxopress_ai_add_post_term function in all versions up to, and including, 3.41.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to add or remove taxonomy terms (tags, categories) on any post, including ones they do not own.
Affected versions
max 3.42.0.
Status
vulnerable
Previous vulnerability researches
WordPress Tag and Category Manager – AI Autotagger (CVE-2021-24444) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2168) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2170) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2024-2830) , Jun 06, 2024
WordPress Tag and Category Manager – AI Autotagger (CVE-2023-2169) , Jun 06, 2024
New vulnerability
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2026-42412) , May 01, 2026
Image Widget (CVE-2026-42643) , May 01, 2026
Five Star Restaurant Reservations – WordPress Booking Plugin (CVE-2026-6498) , May 01, 2026
WordPress Tag and Category Manager – AI Autotagger (CVE-2026-42646) , May 01, 2026
GiveWP – Donation Plugin and Fundraising Platform (CVE-2026-42642) , May 01, 2026