264 matches found
CVE-2024-3888
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress tagDiv Composer plugin <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode vulnerability discovered by Truoc Phan in WordPress Plugin tagDiv Composer versions <= 4.8...
WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)
Software: tagDiv Composer; Type: Plugin; Vulnerable versions: <= 4.8; Fixed in: 4.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3888; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 609d0460445f; Credits: Truoc Phan; Required privileg...
tagDiv Composer < 4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode
Description The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress tagDiv Composer plugin <= 4.8 - Authenticated Stored Cross-Site Scripting via Attachment Meta vulnerability
Authenticated Stored Cross-Site Scripting via Attachment Meta vulnerability discovered by István Márton in WordPress Plugin tagDiv Composer versions <= 4.8...
WordPress tagDiv Composer plugin <= 4.8 - Authenticated Local File Inclusion via Shortcode vulnerability
Authenticated Local File Inclusion via Shortcode vulnerability discovered by István Márton in WordPress Plugin tagDiv Composer versions <= 4.8...
WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)
Software: tagDiv Composer; Type: Plugin; Vulnerable versions: <= 4.8; Fixed in: 4.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3814; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: aede7898e0d1; Credits: István Márton; Required...
WordPress tagDiv Composer Plugin <= 4.8 is vulnerable to Local File Inclusion
Software: tagDiv Composer; Type: Plugin; Vulnerable versions: <= 4.8; Fixed in: 4.9; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-3813; Patch priority: Low; CVSS severity: Low (8.8); Developer: Claim ownership; PSID: 5ffa96c3f191; Credits: István Márton; Required privilege: Contributor...
VulnCheck KEV: CVE-2023-3169
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...
The vulnerability of the tagDiv Composer Plugin, a plugin for WordPress content management systems, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the tagDiv Composer Plugin of the WordPress content management system exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
CVE-2023-39166
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4...
CVE-2023-39166
CVE-2023-39166: In WordPress plugin tagDiv Composer, a Cross-Site Request Forgery (CSRF) leads to Cross-Site Scripting (XSS). Affected: versions prior to 4.4. Remediation: update to version 4.4 or later (patched).
CVE-2023-39166 WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4...
WordPress Plugin tagDiv Composer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-26820 · Tagdiv · Tagdiv Composer
Name of the Vulnerable Software and Affected Versions: tagDiv Composer versions prior to 4.4. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross-Site Scripting (XSS) in tagDiv Composer. Recommendations: For versions prior to 4.4, update to version...
Balada Injector A Large-Scale Malware Campaign Targeting WordPress
Threat Level Attack Report. Summary: In September 2023, over 17,000 WordPress websites fell victim to a malware called Balada Injector. The substantial surge in attacks is linked to the exploitation of a recently disclosed security...
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
More than 17,000 WordPress websites have been compromised in the month of September 2023 with a malware known as Balada Injector, nearly twice the number of detections in August. Of these, 9,000 of the websites are said to have been infiltrated using a recently disclosed security flaw in the tagD...
CVE-2023-3170
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...