CVE-2025-13354

Name of the Vulnerable Software and Affected Versions Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress versions through 3.40.1

Description The software is susceptible to authorization bypass due to improper verification of user authorization within the taxopress merge terms batch function. This allows authenticated attackers with subscriber-level access or higher to merge or delete arbitrary taxonomy terms.

Recommendations Versions prior to and including 3.40.1 should be updated.