CVE-2025-11972

Name of the Vulnerable Software and Affected Versions The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress versions through 3.40.0

Description The software is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the post types parameter is not properly sanitized, allowing authenticated attackers with Editor-level access or higher to inject SQL queries. This could lead to the extraction of sensitive information from the database.

Recommendations Update to a version beyond 3.40.0.