CVE-2025-14371
TaxoPress <= 3.41.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Tag ModificationThe Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the taxopress_ai_add_post_term function in all versions up to, and including, 3.41.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to add or remove taxonomy terms (tags, categories) on any post, including ones they do not own.
We have discovered 5,216 live websites that are affected by CVE-2025-14371.
Affected Software
| Product |  Simple Tags |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5,216 live websites (41% of Simple Tags install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 92 versions ( 97% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Jan 6, 2026
- Updated - Apr 8, 2026
Credits
- Dmitrii Ignatyev (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-14371 United States | 1,743 websites |
 Japan | 502 websites |
 Germany | 450 websites |
 Russia | 356 websites |
 France | 344 websites |
 Italy | 336 websites |
 GB | 120 websites |
 Spain | 109 websites |
 Poland | 91 websites |
 Netherlands | 88 websites |
Website Distribution by TLD
Number of websites using CVE-2025-14371| .com | 2,310 websites |
| .net | 315 websites |
| .org | 276 websites |
| .ru | 260 websites |
| .it | 250 websites |
| .de | 239 websites |
| .fr | 133 websites |
| .jp | 115 websites |
| .info | 77 websites |
| .nl | 72 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-14371
Top websites that are affected by CVE-2025-14371. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.org | United States | *,*** | |
| *******.com | United States | *,*** | |
| ***.********.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| ******.com | United States | *,*** | |
| ****************.com | United States | *,*** | |
| ****.org | United States | **,*** | |
| *********.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| ******.com | United States | **,*** |
FAQ
CVE-2025-14371 is Missing Authorization in Simple Tags
A total of 5,216 websites have been identified as vulnerable to CVE-2025-14371, based on global website indexing conducted by WebTechSurvey.
The Simple Tags is affected by the CVE-2025-14371 vulnerability.
Simple Tags versions up to and including 3.41 are vulnerable to CVE-2025-14371.