CVE-2025-13354: taxopress: Missing Auth allows unauthorized operations
Severity: MEDIUM

If your organization runs WordPress sites with the TaxoPress AI Autotagger plugin (v3.40.1 or earlier), any authenticated user, including subscribers, can corrupt your content taxonomy by merging or deleting arbitrary terms. Patch immediately or disable the plugin; the AI autotagger's OpenAI integration will produce unreliable output if the taxonomy it relies on is tampered with. Low exploitability bar makes this a real insider-threat and compromised-account risk.
Risk Assessment
Moderate operational risk for affected WordPress deployments. CVSS 4.3 understates the downstream AI impact: taxonomy terms are the categorical backbone fed to OpenAI for auto-classification. An attacker merging or deleting terms silently degrades AI tagging quality without leaving obvious indicators. No privileges beyond a subscriber account are required, making this exploitable by any registered user or via a compromised low-privilege account. Not in CISA KEV and no public exploits observed, but the low bar means exploitation is trivial once discovered.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| taxopress | WordPress plugin | ≤ 3.40.1 | 3.40.2 |
Do you use taxopress? You're affected.
Recommended Action
1. PATCH: Update TaxoPress to v3.40.2 or later (patch commit 5eb2cee861ebd109152eea968aca0259c078c8b0).
2. If patch unavailable, disable the plugin immediately.
3. DETECT: Review WordPress audit logs for unexpected calls to taxopress_merge_terms_batch by low-privilege users (subscribers, contributors).
4. VALIDATE: Audit current taxonomy structure against backups to detect prior tampering.
5. ACCESS CONTROL: Restrict subscriber-level registrations if open; enforce MFA on all WordPress accounts.
6. MONITOR: Alert on bulk taxonomy changes as an anomaly indicator.
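The DETECT and MONITOR steps above assume an audit trail exists. Many WordPress sites have none for taxonomy changes, so the following must-use plugin is an added example (not TaxoPress code and not part of the original advisory) that records every term deletion or edit with the acting user and, when the request is an AJAX call, the `action` parameter, so that a request to taxopress_merge_terms_batch from a subscriber shows up in the PHP error log. It raises an alert immediately when the actor lacks the `manage_categories` capability, and again when one account exceeds a change-count threshold within a short window. The window length, the threshold, the `tcm_` names and the use of `error_log()` as the sink are assumptions; replace the sink with your SIEM forwarder.

```php
<?php
/**
 * Plugin Name: Taxonomy Change Monitor (illustrative, added example)
 * Install by copying into wp-content/mu-plugins/ so it cannot be deactivated
 * from the dashboard. Not TaxoPress code; threshold, window and sink are assumptions.
 */

const TCM_WINDOW_SECONDS = 300; // 5-minute window per user (assumption)
const TCM_BULK_THRESHOLD = 10;  // changes by one user inside the window before alerting (assumption)

/**
 * Record one taxonomy change and emit alerts for the two signals the advisory names:
 * a change by a low-privilege account, and bulk changes by any single account.
 */
function tcm_record_term_change( $event, $taxonomy, $term_id ) {
    $user_id = get_current_user_id(); // 0 for WP-CLI/cron
    $ajax    = ( defined( 'DOING_AJAX' ) && DOING_AJAX && isset( $_REQUEST['action'] ) )
        ? sanitize_key( $_REQUEST['action'] ) // e.g. the plugin's AJAX action name, if it goes through admin-ajax.php
        : 'n/a';
    $context = sprintf(
        'event=%s taxonomy=%s term=%d user=%d ajax_action=%s ip=%s',
        $event,
        $taxonomy,
        $term_id,
        $user_id,
        $ajax,
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'cli'
    );

    // Always keep the audit line: this is what the VALIDATE step compares against backups.
    error_log( '[tcm] ' . $context );

    // Signal 1: term changes should only ever come from accounts allowed to manage terms.
    // Subscribers and contributors do not hold manage_categories in a default install.
    if ( $user_id && ! current_user_can( 'manage_categories' ) ) {
        error_log( '[tcm] ALERT low-privilege taxonomy change: ' . $context );
    }

    // Signal 2: bulk changes. The counter lives in a transient; set_transient() renews
    // the expiry on every event, so the window slides rather than resets on a fixed clock.
    $key   = 'tcm_count_' . $user_id;
    $count = (int) get_transient( $key ) + 1;
    set_transient( $key, $count, TCM_WINDOW_SECONDS );
    if ( $count === TCM_BULK_THRESHOLD ) { // alert once when the threshold is crossed
        error_log( sprintf(
            '[tcm] ALERT bulk taxonomy change: %d events within %ds; %s',
            $count, TCM_WINDOW_SECONDS, $context
        ) );
    }
}

// A merge is implemented as "reassign objects, then delete the source term",
// so the delete_term action catches merges as well as plain deletions.
add_action( 'delete_term', function ( $term, $tt_id, $taxonomy ) {
    tcm_record_term_change( 'delete_term', $taxonomy, (int) $term );
}, 10, 3 );

add_action( 'edited_term', function ( $term_id, $tt_id, $taxonomy ) {
    tcm_record_term_change( 'edited_term', $taxonomy, (int) $term_id );
}, 10, 3 );
```

Because the hooks fire inside core's own term functions, the monitor sees the change regardless of which plugin or endpoint triggered it; a low-privilege alert with a non-core `ajax_action` value is the concrete indicator the DETECT step asks you to look for.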
CISA SSVC Assessment
Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.
Frequently Asked Questions
What is CVE-2025-13354?
If your organization runs WordPress sites with the TaxoPress AI Autotagger plugin (v3.40.1 or earlier), any authenticated user—including subscribers—can corrupt your content taxonomy by merging or deleting arbitrary terms. Patch immediately or disable the plugin; the AI autotagger's OpenAI integration will produce unreliable output if the taxonomy it relies on is tampered with. Low exploitability bar makes this a real insider-threat and compromised-account risk.
Is CVE-2025-13354 actively exploited?
No confirmed active exploitation of CVE-2025-13354 has been reported, but organizations should still patch proactively.
How to fix CVE-2025-13354?
1. PATCH: Update TaxoPress to v3.40.2 or later (patch commit 5eb2cee861ebd109152eea968aca0259c078c8b0).
2. If patch unavailable, disable the plugin immediately.
3. DETECT: Review WordPress audit logs for unexpected calls to taxopress_merge_terms_batch by low-privilege users (subscribers, contributors).
4. VALIDATE: Audit current taxonomy structure against backups to detect prior tampering.
5. ACCESS CONTROL: Restrict subscriber-level registrations if open; enforce MFA on all WordPress accounts.
6. MONITOR: Alert on bulk taxonomy changes as an anomaly indicator.
What systems are affected by CVE-2025-13354?
This vulnerability affects the following AI/ML architecture patterns: plugin integrations, LLM API integrations, content management pipelines.
What is the CVSS score for CVE-2025-13354?
CVE-2025-13354 has a CVSS v3.1 base score of 4.3 (MEDIUM). The EPSS exploitation probability is 0.03%.
Technical Details
NVD Description
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the "taxopress_merge_terms_batch" function. This makes it possible for authenticated attackers, with subscriber level access and above, to merge or delete arbitrary taxonomy terms.
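The NVD description names the bug class (a handler that does destructive term operations without verifying the caller is authorized) but not the fix pattern. The example below is added here and is not TaxoPress code; the function names, AJAX action name, request parameters and the chosen capability are assumptions. It shows a hypothetical WordPress `wp_ajax_*` handler in the vulnerable shape beside the hardened shape a reviewer would expect: nonce verification, a capability check against both core's `manage_categories` and the taxonomy's own `manage_terms` capability, and input validation before any term is touched.

```php
<?php
// Added illustration (not TaxoPress code) of the bug class behind CVE-2025-13354.
// All names below are hypothetical.

// BEFORE: wp_ajax_* handlers run for every authenticated account, so without a
// capability check a subscriber can reach the destructive loop below.
function example_merge_terms_batch_vulnerable() {
    $taxonomy = sanitize_key( $_POST['taxonomy'] ?? '' );
    $sources  = array_map( 'intval', (array) ( $_POST['source_ids'] ?? array() ) );
    $target   = (int) ( $_POST['target_id'] ?? 0 );

    foreach ( $sources as $source_id ) {
        example_merge_one_term( $source_id, $target, $taxonomy ); // destructive, unguarded
    }
    wp_send_json_success();
}

// AFTER: CSRF nonce, authorization, and validation happen before any write.
function example_merge_terms_batch_secure() {
    // Dies with HTTP 403 unless the request carries a nonce issued for this action.
    check_ajax_referer( 'example_merge_terms', 'nonce' );

    $taxonomy = sanitize_key( $_POST['taxonomy'] ?? '' );
    if ( ! taxonomy_exists( $taxonomy ) ) {
        wp_send_json_error( array( 'message' => 'Unknown taxonomy.' ), 400 );
    }

    // manage_categories is core's term-administration capability (Editors and
    // Administrators by default). The taxonomy's own manage_terms capability is
    // checked too, since a custom taxonomy may map it to something stricter.
    $tax = get_taxonomy( $taxonomy );
    if ( ! current_user_can( 'manage_categories' ) || ! current_user_can( $tax->cap->manage_terms ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $sources = array_map( 'intval', (array) ( $_POST['source_ids'] ?? array() ) );
    $target  = (int) ( $_POST['target_id'] ?? 0 );
    if ( $target <= 0 || in_array( $target, $sources, true ) || ! term_exists( $target, $taxonomy ) ) {
        wp_send_json_error( array( 'message' => 'Invalid target term.' ), 400 );
    }

    $merged = 0;
    foreach ( $sources as $source_id ) {
        if ( $source_id > 0 && term_exists( $source_id, $taxonomy ) ) {
            example_merge_one_term( $source_id, $target, $taxonomy );
            $merged++;
        }
    }
    wp_send_json_success( array( 'merged' => $merged, 'into' => $target ) );
}

// Shared helper: re-tag every object attached to $source with $target, then delete $source.
function example_merge_one_term( $source, $target, $taxonomy ) {
    $objects = get_objects_in_term( $source, $taxonomy );
    if ( is_wp_error( $objects ) ) {
        return;
    }
    foreach ( $objects as $object_id ) {
        wp_set_object_terms( (int) $object_id, array( $target ), $taxonomy, true ); // true = append
    }
    wp_delete_term( $source, $taxonomy );
}

// Registered for authenticated requests only; deliberately no wp_ajax_nopriv_ twin.
add_action( 'wp_ajax_example_merge_terms_batch', 'example_merge_terms_batch_secure' );
```

The nonce and the capability check answer different questions (is this request one the user intended, and is this user allowed to do it); the advisory's defect is the second one, and adding only a nonce would not have closed it.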
Exploitation Scenario
An attacker registers a free account on a WordPress site (or compromises an existing subscriber credential via phishing). They craft a direct POST request to the taxopress_merge_terms_batch endpoint, which performs no authorization check. They systematically merge key taxonomy terms (e.g., merging 'cybersecurity' into 'general') or delete high-signal terms entirely. The OpenAI autotagger subsequently assigns incorrect categories to new content at ingestion time. If this taxonomy feeds a downstream RAG system or content pipeline, the corrupted signals propagate silently, degrading retrieval quality and AI-generated summaries without triggering security alerts.
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Related Vulnerabilities
- CVE-2026-21858 (10.0) n8n: Input Validation flaw enables exploitation. Same attack type: Auth Bypass
- GHSA-vvpj-8cmc-gx39 (10.0) picklescan: security flaw enables exploitation. Same attack type: Auth Bypass
- CVE-2025-2828 (10.0) LangChain RequestsToolkit: SSRF exposes cloud metadata. Same attack type: Auth Bypass
- CVE-2025-53767 (10.0) Azure OpenAI: SSRF EoP, no auth required (CVSS 10). Same attack type: Auth Bypass
- CVE-2026-26030 (10.0) semantic-kernel: Code Injection enables RCE. Same attack type: Auth Bypass