CVE-2025-14043
Unauthorized Metadata Creation in Tainacan WordPress Plugin via REST API
Publication date: 2025-12-21
Last updated on: 2025-12-21
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tainacan | tainacan | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Tainacan WordPress plugin allows unauthenticated attackers to create arbitrary metadata sections for any collection via the public REST API. This happens because the function responsible for checking permissions when creating metadata sections, `create_item_permissions_check()`, always returns true, bypassing any authentication or authorization checks. As a result, anyone who can access the WordPress site can add metadata sections without proper permissions. [3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized users to create metadata sections in your collections, potentially leading to unauthorized data manipulation or pollution of your metadata. Although it does not directly affect confidentiality or availability, it compromises the integrity of your metadata by allowing attackers to insert arbitrary metadata sections without permission.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized POST requests to the Tainacan plugin's REST API endpoint that creates metadata sections, specifically the endpoint: /wp-json/tainacan/v1/collection/<collection_id>/metadata-sections. You can use network monitoring tools or web server logs to look for POST requests to this endpoint from unauthenticated sources. For example, using curl to test if the endpoint allows creation without authentication: curl -X POST https://<your-wordpress-site>/wp-json/tainacan/v1/collection/<collection_id>/metadata-sections -d '{"name":"test"}' -H 'Content-Type: application/json' -v. Additionally, inspecting WordPress access logs for unexpected POST requests to this REST API path can help detect exploitation attempts. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the Tainacan plugin's REST API endpoints related to metadata sections until a patch is applied. This can be done by restricting access via web application firewall rules or server configuration to block unauthenticated POST requests to /wp-json/tainacan/v1/collection/*/metadata-sections endpoints. Additionally, update the Tainacan plugin to a version where the create_item_permissions_check() function properly enforces authorization checks once available. If an update is not yet available, consider temporarily disabling the Tainacan plugin to prevent exploitation. [2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to create arbitrary metadata sections via the public REST API due to missing authorization checks. This unauthorized creation of metadata could lead to improper handling or manipulation of data collections, potentially resulting in non-compliance with data protection regulations such as GDPR or HIPAA, which require strict access controls and data integrity. However, specific impacts on compliance are not detailed in the provided resources. [2, 3]