CVE-2025-13922

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existing_terms_orderby' parameter in the AI preview AJAX endpoint in all versions up to, and including, 3.40.1. This is due to insufficient escaping on user-supplied parameters and lack of SQL query parameterization. This makes it possible for authenticated attackers, with Contributor-level access and above who have AI metabox permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database, cause performance degradation, or enable data inference through time-based techniques.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/simple-tags/tags/3.40.1/inc/class.admin.php#L1406
https://plugins.trac.wordpress.org/browser/simple-tags/tags/3.40.1/modules/taxopress-ai/classes/TaxoPressAiAjax.php#L180
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3408243%40simple-tags%2Ftrunk&old=3388829%40simple-tags%2Ftrunk&sfp_email=&sfph_mail=#file17
https://www.wordfence.com/threat-intel/vulnerabilities/id/f40cc632-c6af-4c8b-a455-76319f7fe151?source=cve

Configurations

No configuration.

History

06 Dec 2025, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-06 05:16

Updated : 2025-12-08 18:26

NVD link : CVE-2025-13922

Mitre link : CVE-2025-13922

CVE.ORG link : CVE-2025-13922

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

6.5 /10