<0.1% probability · 10.7th percentile — 2026-05-12
Affected versions
TaxoPress simple-tags up to 3.44.0
Summary
The TaxoPress simple-tags WordPress plugin contains a blind SQL injection vulnerability caused by improper neutralization of special SQL elements. A remote attacker can exploit this flaw to execute arbitrary SQL queries against the affected site's database. Successful exploitation can lead to unauthorized data exfiltration, data modification, or full site compromise.
Remediation
Update the TaxoPress simple-tags plugin to the latest patched version as soon as it becomes available. If no patch is released, disable the plugin to remove the vulnerability. Use a web application firewall to block malicious injection attempts against the plugin.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.