Medium severity6.1NVD Advisory· Published Aug 31, 2024· Updated Jun 17, 2026
CVE-2024-5212
CVE-2024-5212
Description
The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<=5.0+ 1 more
- (no CPE)range: <=5.0
- (no CPE)
- Range: 0
Patches
Vulnerability mechanics
References
2- www.wordfence.com/threat-intel/vulnerabilities/id/db95415a-5354-498b-8368-58c47d9948denvdThird Party Advisory
- tagdiv.com/newspaper/nvdNot Applicable
News mentions
0No linked articles in our index yet.