Tagdiv Tagdiv Composer
18 CVEs affecting Tagdiv Tagdiv Composer. Latest disclosed: 2026-04-08. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-13645 | Critical | 9.8 | 2025-04-04 | The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes i… |
CVE-2024-3813 | High | 8.8 | 2024-06-15 | The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'bl… |
CVE-2025-50001 | High | 7.1 | 2026-03-19 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.T… |
CVE-2025-62031 | High | 7.1 | 2025-11-06 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tag… |
CVE-2023-39166 | High | 7.1 | 2023-11-13 | Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before… |
CVE-2026-39692 | Medium | 6.5 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This… |
CVE-2025-50005 | Medium | 6.5 | 2026-01-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.T… |
CVE-2025-62030 | Medium | 6.5 | 2025-11-06 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer.This issue affects tag… |
CVE-2025-3510 | Medium | 6.4 | 2025-05-02 | The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to… |
CVE-2024-3888 | Medium | 6.4 | 2024-06-04 | The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4… |
CVE-2025-2806 | Medium | 6.1 | 2025-05-08 | The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions… |
CVE-2025-1705 | Medium | 6.1 | 2025-03-28 | The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incor… |
CVE-2025-2804 | Medium | 6.1 | 2025-03-28 | The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_userna… |
CVE-2024-3886 | Medium | 6.1 | 2024-08-31 | The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including… |
CVE-2024-5212 | Medium | 6.1 | 2024-08-31 | The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including… |
CVE-2024-3814 | Medium | 5.5 | 2024-06-15 | The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4… |
CVE-2026-39712 | Medium | 5.3 | 2026-04-08 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This is… |
CVE-2022-3477 | | 2022-11-14 | The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not prope… |