Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI Missing Authorization Vulnerability on WordPress

Vulnerability

A vulnerability exists in the Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress, in all versions up to and including 3.40.1. The issue stems from the plugin's failure to properly verify user authorization in the 'taxopress_merge_terms_batch' function. This flaw allows authenticated attackers with subscriber-level access or higher to merge or delete arbitrary taxonomy terms.
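The class of defect described above, shown as an added example that is not the plugin's own code and does not reproduce its handler: an AJAX action registered on a `wp_ajax_` hook is reachable by every logged-in user, including subscribers, so logging in is not an authorization check. The first handler below has the missing check; the second refuses the request unless the user holds the taxonomy's `manage_terms` and `delete_terms` capabilities and the request carries a nonce. The function names (`example_merge_terms_*`), the nonce action name and the merge routine are assumptions for this illustration; the WordPress API calls are real.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical names are prefixed
// with "example_". The WordPress functions used (check_ajax_referer,
// current_user_can, get_taxonomy, get_objects_in_term, wp_set_object_terms,
// wp_delete_term, wp_send_json_*) are real core APIs.

// --- Missing-authorization pattern --------------------------------------------
// wp_ajax_{action} fires for any authenticated user, so a subscriber can reach
// this handler. Nothing here checks whether the caller may edit terms.
add_action( 'wp_ajax_example_merge_terms_unchecked', 'example_merge_terms_unchecked' );
function example_merge_terms_unchecked() {
    $taxonomy = sanitize_key( $_POST['taxonomy'] ?? '' );
    $target   = absint( $_POST['target_term'] ?? 0 );
    $sources  = array_map( 'absint', (array) ( $_POST['source_terms'] ?? array() ) );
    example_merge_terms( $taxonomy, $target, $sources ); // no capability check, no nonce
    wp_send_json_success();
}

// --- Hardened pattern ----------------------------------------------------------
add_action( 'wp_ajax_example_merge_terms', 'example_merge_terms_handler' );
function example_merge_terms_handler() {
    // 1. CSRF protection: the request must carry a nonce minted for this action.
    //    A nonce alone is NOT authorization; it only ties the request to a form
    //    the same user was shown, so the capability check below is still needed.
    check_ajax_referer( 'example_merge_terms', 'nonce' );

    $taxonomy = sanitize_key( $_POST['taxonomy'] ?? '' );
    $target   = absint( $_POST['target_term'] ?? 0 );
    $sources  = array_map( 'absint', (array) ( $_POST['source_terms'] ?? array() ) );

    $tax_obj = taxonomy_exists( $taxonomy ) ? get_taxonomy( $taxonomy ) : null;
    if ( ! $tax_obj ) {
        wp_send_json_error( 'unknown taxonomy', 400 );
    }

    // 2. Authorization: use the taxonomy's own capability map (by default these
    //    resolve to manage_categories, which subscribers do not hold), so the
    //    check follows whatever the site has configured for that taxonomy.
    if ( ! current_user_can( $tax_obj->cap->manage_terms )
        || ! current_user_can( $tax_obj->cap->delete_terms ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 3. Input validation: a target is required and must not also be a source.
    if ( ! $target || in_array( $target, $sources, true ) ) {
        wp_send_json_error( 'invalid term selection', 400 );
    }

    $result = example_merge_terms( $taxonomy, $target, $sources );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( $result );
}

// Assumed merge routine: move every object tagged with a source term onto the
// target term, then delete the source term. Kept separate so that both handlers
// above share the same destructive operation and differ only in their checks.
function example_merge_terms( $taxonomy, $target, array $sources ) {
    $target_term = get_term( $target, $taxonomy );
    if ( ! $target_term || is_wp_error( $target_term ) ) {
        return new WP_Error( 'bad_target', 'Target term does not exist.' );
    }
    $moved = 0;
    foreach ( $sources as $source ) {
        $objects = get_objects_in_term( $source, $taxonomy );
        if ( is_wp_error( $objects ) ) {
            return $objects;
        }
        foreach ( $objects as $object_id ) {
            // Append the target term rather than replacing the object's terms.
            wp_set_object_terms( (int) $object_id, (int) $target, $taxonomy, true );
            $moved++;
        }
        $deleted = wp_delete_term( $source, $taxonomy );
        if ( is_wp_error( $deleted ) ) {
            return $deleted;
        }
    }
    return array( 'target' => $target, 'objects_reassigned' => $moved );
}
```

When reviewing a plugin for this class of issue, the question to ask of every `wp_ajax_`, REST route or `admin_post_` handler that changes data is the same: where is the `current_user_can()` call, and is it checking a capability that a subscriber does not have. The hardened handler answers it with the taxonomy's own capability map rather than a hard-coded role.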

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of taxonomy terms, including merging or deleting terms at will.

Remediation

Users are advised to update the plugin to version 3.41.0 or later.

Added: Dec 3, 2025, 2:21 PM
Updated: Dec 3, 2025, 2:21 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 6.1
remediation: 7.7
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.