5 matches found

Nuclei
added 4 hours ago, 16 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/save_css endpoint. An attacker can inject malicious JavaScript code through the compiled_css parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

CVSS: 6.1 | AI score: 7 | EPSS: 0.01595
Exploits: 2 | References: 2

The Hacker News
added 2023/10/11 12:41 p.m., 55 views

Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023

More than 17,000 WordPress websites have been compromised in the month of September 2023 with a malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagD...

CVSS: 6.1 | AI score: 7 | EPSS: 0.01595
Exploits: 2

Circl
added 2023/10/10 11:36 a.m., 4 views

CVE-2023-3169

creationtimestamp | type | source
---|---|---
2023-10-10 11:36:55+00:00 | exploited | https://t.me/itsecnews/3432
2023-10-11 15:16:39+00:00 | exploited | https://t.me/KomunitiSiber/919
2023-10-11 15:30:02+00:00 | seen | Telegram/ReJUj7XL5RTCHl48Ln6hOhYIjbpjNlCtusbs47L9aTPiow
2025-09-23 20:09:27+00:00 |...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.01595
Exploits: 2 | References: 3

CVE
added 2023/09/11 7:46 p.m., 84 views

CVE-2023-3169

The CVE concerns tagDiv Composer for WordPress (pre-4.2). Concrete detail: unauthenticated stored XSS via the REST endpoint /wp-json/tdw/save_css, exploiting the compiled_css parameter which is stored and later executed when CSS loads. Root cause: authorisation is missing on the REST route and in...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.01595
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2023/09/11 7:46 p.m., 41 views

CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

AI score: 6.2 | EPSS: 0.01595
Exploits: 2 | References: 1