Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before...
6.1CVSS
7.1AI Score
0.0005EPSS
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email...
9.8CVSS
9.5AI Score
0.004EPSS
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API...
6.1CVSS
5.9AI Score
0.001EPSS
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via...
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to...
9.8CVSS
7.2AI Score
0.008EPSS