CVE-2025-13354

MEDIUM
Published December 3, 2025
CISO Take

If your organization runs WordPress sites with the TaxoPress AI Autotagger plugin (v3.40.1 or earlier), any authenticated user, including subscribers, can corrupt your content taxonomy by merging or deleting arbitrary terms. Patch immediately or disable the plugin; the autotagger's OpenAI integration will produce unreliable output if the taxonomy it relies on is tampered with. The low exploitation bar makes this a real insider-threat and compromised-account risk.

Affected Systems

Package      Ecosystem    Vulnerable Range    Patched
taxopress                                     No patch


Severity & Risk

CVSS 3.1
4.3 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
Trivial

Recommended Action

  1. PATCH: Update TaxoPress to v3.40.2 or later (patch commit 5eb2cee861ebd109152eea968aca0259c078c8b0).
  2. If the patch is unavailable, disable the plugin immediately.
  3. DETECT: Review WordPress audit logs for unexpected calls to taxopress_merge_terms_batch by low-privilege users (subscribers, contributors).
  4. VALIDATE: Audit the current taxonomy structure against backups to detect prior tampering.
  5. ACCESS CONTROL: Restrict subscriber-level registrations if open; enforce MFA on all WordPress accounts.
  6. MONITOR: Alert on bulk taxonomy changes as an anomaly indicator.
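The DETECT and MONITOR steps above can be turned into a small log triage. The script below is an added example, not code from the advisory or from the TaxoPress project: it scans constructed WordPress audit-log records for calls to taxopress_merge_terms_batch by subscriber or contributor accounts, and flags any user whose merge/delete volume within a ten-minute window reaches a threshold. The JSON-lines record layout (fields ts, user, role, action, terms), the threshold and the window are assumptions; real audit plugins use their own schemas, so the parser is the part to adapt.

```python
"""Detection logic for the taxopress_merge_terms_batch authorization bypass.

Added example (not from the advisory). Two indicators from the Recommended
Action list:
  * the merge action invoked by a low-privilege role (subscriber, contributor)
  * bulk taxonomy changes: many term operations by one user in a short window
The record layout below is an assumed JSON-lines schema, not a real plugin's.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

LOW_PRIV_ROLES = {"subscriber", "contributor"}
TARGET_ACTION = "taxopress_merge_terms_batch"
BULK_THRESHOLD = 5              # term operations per user per window (assumed)
BULK_WINDOW = timedelta(minutes=10)

# Constructed sample audit records (not real data).
SAMPLE_LOG = """\
{"ts": "2025-12-03T10:00:01Z", "user": "editor1", "role": "editor", "action": "taxopress_merge_terms_batch", "terms": ["infosec"]}
{"ts": "2025-12-03T10:05:12Z", "user": "guest42", "role": "subscriber", "action": "taxopress_merge_terms_batch", "terms": ["cybersecurity", "malware", "phishing"]}
{"ts": "2025-12-03T10:06:40Z", "user": "guest42", "role": "subscriber", "action": "taxopress_merge_terms_batch", "terms": ["ransomware", "ddos", "zero-day"]}
{"ts": "2025-12-03T11:30:00Z", "user": "guest42", "role": "subscriber", "action": "wp_ajax_heartbeat", "terms": []}
{"ts": "2025-12-03T12:00:00Z", "user": "admin", "role": "administrator", "action": "taxopress_merge_terms_batch", "terms": ["old-tag"]}
"""


def parse_log(text):
    """Parse JSON-lines audit records; 'ts' becomes a datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def low_privilege_merges(events):
    """Events where a low-privilege role invoked the merge action."""
    return [e for e in events
            if e["action"] == TARGET_ACTION and e["role"] in LOW_PRIV_ROLES]


def bulk_taxonomy_changes(events, threshold=BULK_THRESHOLD, window=BULK_WINDOW):
    """Map user -> peak term count over any sliding window of `window` length
    where the count reaches `threshold` (only merge-action events count)."""
    per_user = defaultdict(list)
    for e in events:
        if e["action"] == TARGET_ACTION:
            per_user[e["user"]].append((e["ts"], len(e["terms"])))
    flagged = {}
    for user, ops in per_user.items():
        ops.sort()
        start = 0
        for end in range(len(ops)):
            while ops[end][0] - ops[start][0] > window:
                start += 1
            count = sum(n for _, n in ops[start:end + 1])
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def triage(text):
    """Run both detections over raw log text and return the findings."""
    events = parse_log(text)
    return {
        "low_priv_merges": low_privilege_merges(events),
        "bulk_changes": bulk_taxonomy_changes(events),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["low_priv_merges"]:
        print(f"ALERT low-priv merge: {e['user']} ({e['role']}) at "
              f"{e['ts']:%H:%M:%S} terms={e['terms']}")
    for user, n in result["bulk_changes"].items():
        print(f"ALERT bulk taxonomy change: {user} touched {n} terms within {BULK_WINDOW}")
```

On the sample data the editor's and administrator's single merges pass, while the subscriber account is reported twice: once per call under the role check, and once as a bulk change because its two calls touched six terms inside the window. The bulk rule is the one that still fires after patching, when the role check no longer applies but a compromised editor account could still do the same damage.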

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
  Article 9 - Risk Management System
  Article 15 - Accuracy, Robustness and Cybersecurity
ISO 42001
  A.6.1.2 - AI Risk Assessment
  A.6.2.3 - Access control to AI systems
  A.8.4 - AI System Controls
NIST AI RMF
  GOVERN 1.4 - Organizational roles and responsibilities for AI risk
OWASP LLM Top 10
  LLM07:2025 - System Prompt Leakage
  LLM08:2025 - Excessive Agency

Technical Details

NVD Description

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "taxopress_merge_terms_batch" function. This makes it possible for authenticated attackers, with subscriber level access and above, to merge or delete arbitrary taxonomy terms.

Exploitation Scenario

An attacker registers a free account on a WordPress site (or compromises an existing subscriber credential via phishing). They craft a direct POST request to the taxopress_merge_terms_batch endpoint, which succeeds because the function performs no authorization check. They systematically merge key taxonomy terms (e.g., merging 'cybersecurity' into 'general') or delete high-signal terms entirely. The OpenAI autotagger subsequently assigns incorrect categories to new content at ingestion time. If this taxonomy feeds a downstream RAG system or content pipeline, the corrupted signals propagate silently, degrading retrieval quality and AI-generated summaries without triggering security alerts.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Timeline

Published
December 3, 2025
Last Modified
December 5, 2025
First Seen
December 3, 2025