CVE-2025-11972: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection
mediumvulnerabilityLLM-Specific
security
Summary
A WordPress plugin called Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI has a SQL injection vulnerability (a security flaw where attackers can insert harmful database commands into the plugin's code) in versions up to 3.40.0. Attackers with Editor-level access or higher can exploit the 'post_types' parameter to extract sensitive information from the website's database because the plugin doesn't properly clean up user input before using it in database queries.
Vulnerability Details
CVSS Score
4.9(medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-11972
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 75%