CVE-2025-11972
📋 TL;DR
This SQL injection vulnerability in the TaxoPress WordPress plugin allows authenticated attackers with Editor-level access or higher to execute arbitrary SQL queries. Attackers can extract sensitive information from the database by manipulating the 'post_types' parameter. Only WordPress sites using vulnerable versions of the TaxoPress plugin are affected.
💻 Affected Systems
- TaxoPress (Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of sensitive user data, passwords, and potentially privilege escalation to full site control.
Likely Case
Extraction of sensitive WordPress data including user information, post content, and plugin configuration data.
If Mitigated
Limited impact due to proper access controls and monitoring preventing successful exploitation.
🎯 Exploit Status
Exploitation requires authenticated access but SQL injection is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.40.1 and later
Vendor Advisory: https://wordpress.org/plugins/simple-tags/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find TaxoPress plugin
4. Click 'Update Now' if available
5. Or manually download version 3.40.1+ from WordPress.org
6. Deactivate old version, upload new version, activate
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate TaxoPress plugin until patched version can be installed
wp plugin deactivate simple-tags
Restrict user roles
allTemporarily remove Editor and higher roles from untrusted users
🧯 If You Can't Patch
- Implement strict access controls to limit Editor and Administrator roles to trusted personnel only
- Deploy web application firewall (WAF) with SQL injection protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → TaxoPress version. If version is 3.40.0 or lower, you are vulnerable.Check Version:
wp plugin get simple-tags --field=versionVerify Fix Applied:
Verify TaxoPress plugin version is 3.40.1 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress debug logs
- Multiple failed authentication attempts followed by successful Editor login
- Unusual database queries from WordPress user accounts
Network Indicators:
- POST requests to wp-admin/admin-ajax.php with unusual post_types parameters
- SQL error messages in HTTP responses
SIEM Query:
source="wordpress.log" AND ("post_types" OR "SQL" OR "database error")🔗 References
- https://github.com/TaxoPress/TaxoPress/commit/fd35042973439719b4304b336663e46f13f1533a
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7e36f3a0-2215-4c1c-99c4-9405ad7b913b?source=cve
- https://github.com/TaxoPress/TaxoPress/issues/2827
- https://github.com/TaxoPress/TaxoPress/pull/2828
- https://wordpress.org/plugins/simple-tags/#developers
