2 matches found
CVE-2025-2804
creationtimestamp| type| source ---|---|--- 2025-03-28 05:32:06+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9267 2025-03-28 06:29:07+00:00| seen| https://bsky.app/profile/potato.software/post/3llg6rxlq4e2k 2025-03-28 09:23:00+00:00| seen| https://t.me/cvedetector/21379...
CVE-2025-2804 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username'
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'accountid' and 'accountusername' parameters in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible...