Vulnerabilities > Tagdiv > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-15 | CVE-2024-3813 | Unspecified vulnerability in Tagdiv Composer 4.2/4.4 The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. | 8.8 |
| 2023-07-10 | CVE-2023-1597 | Unspecified vulnerability in Tagdiv Cloud Library The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog. | 8.8 |
| 2019-09-16 | CVE-2016-10972 | Improper Privilege Management vulnerability in Tagdiv Newspaper 6.7.0/6.7.1 The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | 7.5 |
| 2019-09-16 | CVE-2017-18634 | Injection vulnerability in Tagdiv Newspaper 6.7.0/6.7.1 The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | 7.5 |