Vulnerabilities > Tagdiv > Newspaper > 6.7.0

DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-2167 Cross-site Scripting vulnerability in Tagdiv Newspaper
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting
network
low complexity
tagdiv CWE-79
6.1
6.1
2022-10-31 CVE-2022-2627 Cross-site Scripting vulnerability in Tagdiv Newspaper
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.
network
low complexity
tagdiv CWE-79
6.1
6.1
2019-09-16 CVE-2016-10972 Improper Privilege Management vulnerability in Tagdiv Newspaper 6.7.0/6.7.1
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
network
low complexity
tagdiv CWE-269
7.5
7.5
2019-09-16 CVE-2017-18634 Injection vulnerability in Tagdiv Newspaper 6.7.0/6.7.1
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
network
low complexity
tagdiv CWE-74
7.5
7.5