๐Ÿ” CVE Alert

CVE-2026-4128

MEDIUM 4.3

TP Restore Categories And Taxonomies <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Taxonomy Deletion via 'tpmcattt_delete_term' AJAX Action

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the 'tpmcattt_delete_term' AJAX action, does not perform any capability check (e.g., current_user_can()) to verify the user has sufficient permissions. While it does verify a nonce via check_ajax_referer(), this nonce is generated for all authenticated users via the admin_enqueue_scripts hook and exposed on any wp-admin page (including profile.php, which subscribers can access). This makes it possible for authenticated attackers, with Subscriber-level access and above, to permanently delete taxonomy term records from the plugin's trash/backup tables by sending a crafted AJAX request with a valid nonce and an arbitrary term_id.

CWE CWE-862
Vendor tplugins
Product tp restore categories and taxonomies
Published Apr 22, 2026
Stay Ahead of the Next One

Get instant alerts for tplugins tp restore categories and taxonomies

Be the first to know when new medium vulnerabilities affecting tplugins tp restore categories and taxonomies are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

tplugins / TP Restore Categories And Taxonomies
0 โ‰ค 1.0.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/53a0749f-86e9-4f62-9de2-a6759c78ba2f?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/admin/class-tp-move-categories-and-taxonomies-to-trash-admin.php#L474 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/trunk/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/tp-restore-categories-and-taxonomies/tags/1.0.1/includes/class-tp-move-categories-and-taxonomies-to-trash.php#L169

Credits

Nabil Irawan