3 matches found
CVE-2023-3170
CVE-2023-3170 affects tagDiv Composer (WordPress plugin) before version 4.2, used with Newspaper/Newsmag themes. The issue is stored XSS arising from insufficient validation/escaping of certain settings, which could be exploitable by admins even when unfiltered_html is disabled (e.g., multisite)....
CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...
CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS
The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...