Vulnerabilities > Tagdiv
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-31 | CVE-2022-2167 | Cross-site Scripting vulnerability in Tagdiv Newspaper The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2022-10-31 | CVE-2022-2627 | Cross-site Scripting vulnerability in Tagdiv Newspaper The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. | 6.1 |
| 2021-08-09 | CVE-2021-24304 | Cross-site Scripting vulnerability in Tagdiv Newsmag The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. | 6.1 |
| 2021-07-19 | CVE-2021-3135 | Cross-site Scripting vulnerability in Tagdiv Newspaper 10.3.9.1 An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. | 6.1 |
| 2019-09-16 | CVE-2016-10972 | Improper Privilege Management vulnerability in Tagdiv Newspaper 6.7.0/6.7.1 The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | 9.8 |
| 2019-09-16 | CVE-2017-18634 | Injection vulnerability in Tagdiv Newspaper 6.7.0/6.7.1 The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | 9.8 |