Vulnerabilities > Tagdiv > Newspaper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-15 | CVE-2024-3815 | Cross-site Scripting vulnerability in Tagdiv Newspaper The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 4.8 |
| 2022-10-31 | CVE-2022-2167 | Cross-site Scripting vulnerability in Tagdiv Newspaper The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2022-10-31 | CVE-2022-2627 | Cross-site Scripting vulnerability in Tagdiv Newspaper The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. | 6.1 |
| 2021-07-19 | CVE-2021-3135 | Cross-site Scripting vulnerability in Tagdiv Newspaper 10.3.9.1 An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. | 4.3 |