CVE-2025-13359: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL
Summary
The WordPress plugin 'Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI' has a time-based SQL injection vulnerability (a security flaw where attackers can insert malicious database commands through user input) in its "getTermsForAjax" function in versions up to 3.40.1. Because the plugin doesn't properly validate user input before using it in database queries, authenticated users with contributor-level access or higher can exploit this flaw to extract sensitive information from the website's database.
Vulnerability Details
6.5 (medium)
EPSS: 0.0%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-13359
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 75%