{"data":{"id":"40b03e73-7701-4342-846d-2bf1274b22b9","title":"CVE-2025-13354: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass","summary":"A WordPress plugin called AI Autotagger with OpenAI has a security flaw in versions up to 3.40.1: it fails to properly check whether users have permission to perform certain actions. This authorization bypass (a failure to verify that someone is allowed to do something) allows authenticated attackers with basic subscriber-level access to merge or delete taxonomy terms (categories and tags used to organize content) that they should not be able to modify.","solution":"A patch is available. According to the source, users should update to a plugin release that includes the fix from the GitHub commit at https://github.com/TaxoPress/TaxoPress/commit/5eb2cee861ebd109152eea968aca0259c078c8b0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-13354","publishedAt":"2025-12-03T19:15:46.930Z","cveId":"CVE-2025-13354","cweIds":["CWE-862"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenAI","TaxoPress","WordPress"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00039,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}