CVE-2025-0627
AI Autotagger < 3.30.0 - Admin+ Stored XSSThe WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
We have discovered 2,082 live websites that are affected by CVE-2025-0627.
Affected Software
| Product |  Simple Tags |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,082 live websites (16% of Simple Tags install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 77 versions ( 81% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Apr 28, 2025
- Updated - Apr 28, 2025
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-0627 United States | 487 websites |
 Japan | 268 websites |
 Russia | 254 websites |
 Germany | 200 websites |
 Italy | 193 websites |
 France | 128 websites |
 Spain | 46 websites |
 Turkey | 41 websites |
 Poland | 38 websites |
 Canada | 37 websites |
Website Distribution by TLD
Number of websites using CVE-2025-0627| .com | 849 websites |
| .ru | 173 websites |
| .net | 146 websites |
| .it | 136 websites |
| .de | 101 websites |
| .org | 98 websites |
| .jp | 62 websites |
| .fr | 56 websites |
| .info | 43 websites |
| .pl | 30 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-0627
Top websites that are affected by CVE-2025-0627. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.org | United States | *,*** | |
| *******.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| ****************.com | United States | *,*** | |
| ****.org | United States | **,*** | |
| **********.org | Germany | **,*** | |
| **************.com | United States | **,*** | |
| *********************.com | United States | **,*** | |
| ***********.com | United States | **,*** | |
| *************.com | United States | **,*** |
FAQ
CVE-2025-0627 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Simple Tags
A total of 2,082 websites have been identified as vulnerable to CVE-2025-0627, based on global website indexing conducted by WebTechSurvey.
The Simple Tags is affected by the CVE-2025-0627 vulnerability.
Simple Tags versions up to 3.30 are vulnerable to CVE-2025-0627.
CVE-2025-0627 is resolved in version 3.30 of Simple Tags.