264 matches found

OSV
added 2023/09/11 8:15 p.m. · 2 views

CVE-2023-3169

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

CVSS 6.1 · AI score 7.3 · EPSS 0.01595
Exploits 2 · References 1

NVD
added 2023/09/11 8:15 p.m. · 18 views

CVE-2023-3169

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

CVSS 6.1 · AI score 6.1 · EPSS 0.01595
Exploits 2 · References 1

NVD
added 2023/09/11 8:15 p.m. · 15 views

CVE-2023-3170

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS 4.8 · AI score 4.8 · EPSS 0.00377
Exploits 2 · References 1

Prion
added 2023/09/11 8:15 p.m. · 26 views

Cross site scripting

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

CVSS 5.8 · AI score 6 · EPSS 0.01595
Exploits 2 · References 1 · Affected Software 1

Prion
added 2023/09/11 8:15 p.m. · 22 views

Cross site scripting

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS 4.3 · AI score 4.8 · EPSS 0.00377
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2023/09/11 7:46 p.m. · 26 views

CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

AI score 5.1 · EPSS 0.00377
Exploits 2 · References 1

Vulnrichment
added 2023/09/11 7:46 p.m. · 15 views

CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is...

AI score 5.8 · EPSS 0.00377
Exploits 2 · References 1

CVE
added 2023/09/11 7:46 p.m. · 43 views

CVE-2023-3170

CVE-2023-3170 affects tagDiv Composer (WordPress plugin) before version 4.2, used with Newspaper/Newsmag themes. The issue is stored XSS arising from insufficient validation/escaping of certain settings, which could be exploitable by admins even when unfiltered_html is disabled (e.g., multisite)....

CVSS 4.8 · AI score 5 · EPSS 0.00377
Exploits 2 · References 1 · Affected Software 1

CVE
added 2023/09/11 7:46 p.m. · 81 views

CVE-2023-3169

The CVE concerns tagDiv Composer for WordPress (pre-4.2). Concrete detail: unauthenticated stored XSS via the REST endpoint /wp-json/tdw/save_css, exploiting the compiled_css parameter which is stored and later executed when CSS loads. Root cause: authorisation is missing on the REST route and in...

CVSS 6.1 · AI score 6.2 · EPSS 0.01595
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2023/09/11 7:46 p.m. · 20 views

CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

AI score 6.1 · EPSS 0.01595
Exploits 2 · References 1

Cvelist
added 2023/09/11 7:46 p.m. · 29 views

CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform...

AI score 6.2 · EPSS 0.01595
Exploits 2 · References 1

Positive Technologies
added 2023/09/11 12:00 a.m. · 5 views

PT-2023-23421 · Tagdiv · Tagdiv Composer

Name of the Vulnerable Software and Affected Versions: tagDiv Composer WordPress plugin versions prior to 4.2 Description: The issue allows users with Admin privileges to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, such as in a multisite...

CVSS 4.8 · AI score 8.3 · EPSS 0.00377
Exploits 2 · References 6

Positive Technologies
added 2023/09/11 12:00 a.m. · 3 views

PT-2023-7564

Name of the Vulnerable Software and Affected Versions: tagDiv Composer Plugin versions prior to 4.2 Description: The issue exists due to the lack of proper validation and escaping of certain parameters, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. This is...

CVSS 6.4 · AI score 6.3 · EPSS 0.01595
Exploits 2 · References 10

CNNVD
added 2023/09/11 12:00 a.m. · 5 views

WordPress plugin tagDiv Composer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 6.1 · AI score 6 · EPSS 0.01595
Exploits 2 · References 2

CNNVD
added 2023/09/11 12:00 a.m. · 3 views

WordPress plugin tagDiv Composer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 4.8 · AI score 6.1 · EPSS 0.00377
Exploits 2 · References 2

WPVulnDB
added 2023/08/17 12:00 a.m. · 26 views

tagDiv Composer < 4.2 - Unauthenticated Stored XSS

Description: The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scriptin...

CVSS 6.1 · AI score 6.1 · EPSS 0.01595
Exploits 2 · Affected Software 1

WPVulnDB
added 2023/08/17 12:00 a.m. · 11 views

tagDiv Composer < 4.2 - Admin+ Stored XSS

Description: The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example i...

CVSS 4.8 · AI score 5.8 · EPSS 0.00377
Exploits 2 · Affected Software 1

wpexploit
added 2023/08/17 12:00 a.m. · 208 views

tagDiv Composer < 4.2 - Admin+ Stored XSS

Description: The plugin, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example i...

CVSS 4.8 · AI score 4.9 · EPSS 0.00377
Exploits 2

Patchstack
added 2023/08/17 12:00 a.m. · 11 views

WordPress tagDiv Composer Plugin < 4.2 is vulnerable to Cross Site Scripting (XSS)

Software: tagDiv Composer; Type: Plugin; Vulnerable versions: 4.2; Fixed in: 4.2; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-3170; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 0bb07a5b8baf; Credits: Truoc Phan; Required privilege...

CVSS 4.8 · AI score 5.7 · EPSS 0.00377
Exploits 2 · References 2 · Affected Software 1

Patchstack
added 2023/08/17 12:00 a.m. · 20 views

WordPress tagDiv Composer Plugin < 4.2 is vulnerable to Cross Site Scripting (XSS)

Software: tagDiv Composer; Type: Plugin; Vulnerable versions: 4.2; Fixed in: 4.2; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-3169; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 070584615152; Credits: Truoc Phan; Required privileg...

CVSS 6.1 · AI score 5.7 · EPSS 0.01595
Exploits 2 · References 2 · Affected Software 1