Sign in Get started

← All vendors

Vendor

Tagdiv

Sign in to watch

Products

2

CVEs

5

Across products

5

Status

Private

Products

2

Tagdiv Composer
3 CVEs
Newspaper
2 CVEs

Recent CVEs

5

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-3813	Hig	0.57	8.8	0.01		Jun 15, 2024	The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
CVE-2023-39166	Hig	0.46	7.1	0.00		Nov 13, 2023	Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.
CVE-2024-3815	Med	0.36	5.5	0.00		Jun 15, 2024	The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-3814	Med	0.36	5.5	0.00		Jun 15, 2024	The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-3477		0.05	—	0.63		Nov 14, 2022	The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address