Security Advisory

CVE-2025-13354

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-03 13:52:43
Last updated 2026-04-08 16:33:28
Assigner Wordfence
State PUBLISHED

Description

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "taxopress_merge_terms_batch" function. This makes it possible for authenticated attackers, with subscriber level access and above, to merge or delete arbitrary taxonomy terms.