Vulnerabilities (CVE)

Filtered by vendor Tagdiv Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-39166	1 Tagdiv	1 Tagdiv Composer	2023-12-06	N/A	6.1 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.
CVE-2021-24304	1 Tagdiv	1 Newsmag	2021-08-17	4.3 MEDIUM	6.1 MEDIUM
The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
CVE-2021-3135	1 Tagdiv	1 Newspaper	2021-07-28	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call.
CVE-2016-10972	1 Tagdiv	1 Newspaper	2019-09-16	7.5 HIGH	9.8 CRITICAL
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
CVE-2017-18634	1 Tagdiv	1 Newspaper	2019-09-16	7.5 HIGH	9.8 CRITICAL
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.