The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:16
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5 - Exploit, Third Party Advisory |
26 Sep 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-11 20:15
Updated : 2024-11-21 08:16
NVD link : CVE-2023-3169
Mitre link : CVE-2023-3169
CVE.ORG link : CVE-2023-3169
JSON object : View
Products Affected
tagdiv
- tagdiv_composer
CWE
No CWE.