CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3169

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.4%

CVSS Severity

CVSS v3 Score 6.1

References

https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5
https://wpscan.com/vulnerability/e6d8216d-ace4-48ba-afca-74da0dc5abb5

Products affected by CVE-2023-3169

Tagdiv » Tagdiv Composer » Version: N/A

cpe:2.3:a:tagdiv:tagdiv_composer:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3169

Products

Pricing

Contact Us