CVE-2025-13359
📋 TL;DR
This SQL injection vulnerability in the TaxoPress WordPress plugin allows authenticated attackers with contributor-level access to execute time-based SQL queries and extract sensitive database information. The vulnerability affects all plugin versions up to 3.40.1 and requires the attacker to have metabox access for taxonomies, which is enabled by default for contributors.
💻 Affected Systems
- Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI (TaxoPress) WordPress plugin
📦 What is this software?
Taxopress by Taxopress
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract sensitive data including user credentials, private content, or other database information, potentially leading to complete site compromise.
Likely Case
Attackers with contributor access could extract user data, private posts, or other sensitive information from the WordPress database.
If Mitigated
With proper access controls and monitoring, impact would be limited to unauthorized data access from the compromised user's permitted scope.
🎯 Exploit Status
Requires authenticated contributor-level access and knowledge of time-based SQL injection techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 3.40.1
Vendor Advisory: https://github.com/TaxoPress/TaxoPress/commit/1097a22181aa10ce55cc9cd5fa8495f7494e18ea
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'TaxoPress' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate taxopress
Restrict contributor access
Remove metabox access for contributors or restrict contributor accounts
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access WordPress admin interface
- Enable detailed SQL query logging and monitor for suspicious database activity
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin → Plugins → Installed Plugins. If TaxoPress version is 3.40.1 or lower, you are vulnerable.
Check Version:
wp plugin get taxopress --field=version
Verify Fix Applied:
Verify plugin version is higher than 3.40.1. Check the commit 1097a22181aa10ce55cc9cd5fa8495f7494e18ea is present in plugin files.
📡 Detection & Monitoring
Log Indicators:
- Unusually long response times for AJAX requests to getTermsForAjax
- Multiple SQL queries from single AJAX requests
- Database errors in WordPress debug logs
Network Indicators:
- Repeated POST requests to /wp-admin/admin-ajax.php with SQL-like parameters
- Unusual timing patterns in AJAX responses
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "getTermsForAjax" AND (response_time>5000 OR "SQL" OR "database")
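The log indicators above (slow admin-ajax.php calls to getTermsForAjax, and repeated calls from one client) expressed as a small triage script. This is an added example, not part of the advisory or the TaxoPress project; it assumes an access-log format with a trailing request-time field in milliseconds and that the AJAX action shows up in the request line as `action=getTermsForAjax` (both are assumptions; adjust the regex and marker to your own logging).

```python
import re

# Constructed sample access-log lines (combined format plus a trailing
# request time in ms); not taken from any real site.
SAMPLE_LOG = """\
10.0.0.5 - editor [12/Nov/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=getTermsForAjax HTTP/1.1" 200 512 8104
10.0.0.5 - editor [12/Nov/2025:10:01:15 +0000] "POST /wp-admin/admin-ajax.php?action=getTermsForAjax HTTP/1.1" 200 512 7950
10.0.0.5 - editor [12/Nov/2025:10:01:28 +0000] "POST /wp-admin/admin-ajax.php?action=getTermsForAjax HTTP/1.1" 200 512 8220
10.0.0.9 - author [12/Nov/2025:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=getTermsForAjax HTTP/1.1" 200 498 120
10.0.0.9 - author [12/Nov/2025:10:02:05 +0000] "GET /wp-admin/edit.php HTTP/1.1" 200 9876 95
"""

# Assumed log layout: ip ident user [ts] "METHOD path PROTO" status bytes ms
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ (?P<ms>\d+)$'
)

SLOW_MS = 5000        # same threshold as the advisory's SIEM query
REPEAT_THRESHOLD = 3  # calls from one client before we flag "repeated"
ACTION_MARKER = "getTermsForAjax"  # assumed to appear in the request line

def parse_line(line):
    """Return a dict of fields for a recognised log line, else None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_taxopress_ajax(rec):
    """True for POSTs to admin-ajax.php that carry the TaxoPress action."""
    return (rec["method"] == "POST"
            and "/wp-admin/admin-ajax.php" in rec["path"]
            and ACTION_MARKER in rec["path"])

def find_suspicious(log_text):
    """Map (ip, user) -> {"slow": n, "total": n} for clients worth review.

    A client is reported if any matching call exceeded SLOW_MS (time-based
    injection makes the database sleep) or it made REPEAT_THRESHOLD+ calls.
    """
    per_client = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not is_taxopress_ajax(rec):
            continue
        stats = per_client.setdefault((rec["ip"], rec["user"]), {"slow": 0, "total": 0})
        stats["total"] += 1
        if int(rec["ms"]) > SLOW_MS:
            stats["slow"] += 1
    return {k: v for k, v in per_client.items()
            if v["slow"] > 0 or v["total"] >= REPEAT_THRESHOLD}

if __name__ == "__main__":
    for (ip, user), stats in find_suspicious(SAMPLE_LOG).items():
        print(f"{ip} ({user}): {stats['slow']} slow of {stats['total']} calls")
```

Legitimate term lookups from the post editor return in well under a second, so a handful of multi-second responses from one contributor account is the signal to pull the full request bodies and check the account.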