CVE-2025-53222
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in tagDiv Opt-In Builder (td-subscription) up to version 1.7.3 allows attackers to inject malicious scripts via crafted links.
Vulnerability
Overview CVE-2025-53222 is a reflected cross-site scripting (XSS) vulnerability in the tagDiv Opt-In Builder plugin (td-subscription). The plugin fails to properly neutralize user input during web page generation, allowing a reflected XSS attack [1]. This affects all plugin versions from n/a through 1.7.3. [1]
Exploitation
Details The attack does not require authentication, but user interaction is necessary — the victim must click a malicious link, visit a crafted page or submit a specially crafted form [1]. The vulnerability is considered moderately dangerous and is expected to be exploited in mass campaigns targeting thousands of websites. [1]
Impact
A successful attack enables a malicious actor to inject malicious scripts — including redirects, advertisements and other HTML payloads — into the victim's website. These scripts execute when other users visit site. [1]
Mitigation
The vulnerability has been patched in version 1.7.4 of the tagDiv Opt-In Builder plugin. Users should update immediately. If updating is not possible a mitigation rule may block attacks until the plugin can be updated. [1]
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.7.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.