Lucene search
K

25 matches found

Nuclei
Nuclei
added 15 hours ago10 views

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

9.8CVSS7.2AI score0.03546EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-32163

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.9 views

CVE-2023-28493

Auth subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Macho Themes NewsMag theme = 2.4.4 versions...

6.5CVSS5.8AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.9 views

CVE-2021-24304

The Newsmag WordPress theme before 5.0 does not sanitise the tdblockid parameter in its tdajaxblock AJAX action, leading to an unauthenticated Reflected Cross-site Scripting XSS vulnerability...

6.1CVSS6.2AI score0.01234EPSS
Exploits2References1
Prion
Prion
added 2023/09/11 8:15 p.m.23 views

Cross site scripting

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

4.3CVSS4.8AI score0.00377EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/09/11 7:46 p.m.29 views

CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.1AI score0.00377EPSS
Exploits2References1
CVE
CVE
added 2023/09/11 7:46 p.m.84 views

CVE-2023-3169

The CVE concerns tagDiv Composer for WordPress (pre-4.2). Concrete detail: unauthenticated stored XSS via the REST endpoint /wp-json/tdw/save_css, exploiting the compiled_css parameter which is stored and later executed when CSS loads. Root cause: authorisation is missing on the REST route and in...

6.1CVSS6.2AI score0.01595EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/09/11 7:46 p.m.41 views

CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

6.2AI score0.01595EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/08/17 12:0 a.m.11 views

tagDiv Composer < 4.2 - Admin+ Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example i...

4.8CVSS5.8AI score0.00377EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/08/17 12:0 a.m.26 views

tagDiv Composer < 4.2 - Unauthenticated Stored XSS

Description The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...

6.1CVSS6.1AI score0.01595EPSS
Exploits2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/06/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-36708

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina...

9.8CVSS7.2AI score0.65342EPSS
Exploits1References1
OSV
OSV
added 2023/05/08 3:15 p.m.4 views

CVE-2023-28493

Auth subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Macho Themes NewsMag theme = 2.4.4 versions...

5.4CVSS5.8AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/08 2:25 p.m.12 views

CVE-2023-28493 WordPress Newsmag Theme <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Macho Themes NewsMag theme = 2.4.4 versions...

6.5CVSS5.8AI score0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/08 2:25 p.m.30 views

CVE-2023-28493 WordPress Newsmag Theme <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Auth subscriber+ Reflected Cross-Site Scripting XSS vulnerability in Macho Themes NewsMag theme = 2.4.4 versions...

6.5CVSS6.2AI score0.0037EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/03/16 12:0 a.m.11 views

WordPress Newsmag Theme <= 2.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Newsmag Type Theme Vulnerable versions = 2.4.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28493 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 919e42815591 Credits Brandon Roldan Required privileg...

6.5CVSS5.6AI score0.0037EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/11/14 3:15 p.m.3 views

CVE-2022-3477

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

9.8CVSS5.8AI score0.03546EPSS
Exploits2References1
Prion
Prion
added 2022/11/14 3:15 p.m.52 views

Improper access control

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

7.5CVSS9.4AI score0.03546EPSS
Exploits2References1Affected Software3
CVE
CVE
added 2022/11/14 12:0 a.m.136 views

CVE-2022-3477

The CVE-2022-3477 issue affects the WordPress tagDiv Composer before 3.5, which is used by the Newspaper theme before 12.1 and Newsmag theme before 5.2.2. Root cause: improper implementation of the Facebook login feature, enabling unauthenticated attackers who know a user’s email address to log i...

9.8CVSS9.6AI score0.03546EPSS
Exploits2References1Affected Software3
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.39 views

CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

9.7AI score0.03546EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/10/24 12:0 a.m.1 views

VulnCheck KEV: CVE-2022-3477

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

9.8CVSS7.3AI score0.03546EPSS
Exploits2References1
Rows per page
Query Builder