Medium severity6.1NVD Advisory· Published Aug 31, 2024· Updated Jun 17, 2026
CVE-2024-3886
CVE-2024-3886
Description
The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=5.0+ 1 more
- (no CPE)range: <=5.0
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
2- www.wordfence.com/threat-intel/vulnerabilities/id/ed9db9c1-c6b5-459e-9820-ec4ee47b244envdThird Party Advisory
- tagdiv.com/newspaper/nvdNot Applicable
News mentions
0No linked articles in our index yet.