Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-8559

Malicious code in bioql PyPI...

6.1CVSS9AI score0.00369EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 1:59 a.m.12 views

CVE-2023-3170

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

4.8CVSS5.8AI score0.00377EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/05/02 3:21 a.m.21 views

CVE-2025-3510 tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/04/04 5:22 a.m.18 views

CVE-2024-13645 TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which mean...

9.8CVSS0.00667EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/28 8:23 a.m.20 views

CVE-2025-1705 tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the tdajaxgetviews AJAX action. This makes it possible for unauthenticated attackers to inject malicious web...

6.1CVSS0.00369EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/28 5:23 a.m.17 views

CVE-2025-2804 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username'

The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'accountid' and 'accountusername' parameters in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS6.6AI score0.00236EPSS
Exploits0References2
Rows per page
Query Builder