Vulnerabilities > CVE-2023-3169 - Unspecified vulnerability in Tagdiv Composer

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

tagdiv

NVD

Published: 2023-09-11

Updated: 2023-11-07

Summary

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

Vulnerable Configurations

Part	Description	Count
Application	Tagdiv Tagdiv Tagdiv Composer *	1

References

https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5

Summary

Vulnerable Configurations

Related news

References