CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

May 8, 2025

CVE ID : CVE-2025-2806

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3468 – NEX-Forms Stored Cross-Site Scripting Vulnerability

Next Article Il Processo di Avvio di un Sistema GNU/Linux: Dalla Scheda Madre al Sistema Operativo

Highlights

CVE-2025-5643 – “Radare2 Local Memory Corruption Vulnerability”

June 5, 2025

CVE ID : CVE-2025-5643

Published : June 5, 2025, 7:15 a.m. | 4 hours, 25 minutes ago

Description : A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.

Severity: 2.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Best early Prime Day Nintendo Switch deals: My 17 favorite sales live now

How I use VirtualBox to run any OS on my Mac – including Linux

Apple will give you a free pair of AirPods when you buy a MacBook or iPad for school – here’s who’s eligible

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

Music Streaming Platform using PHP and MySQL

Music Streaming Platform using PHP and MySQL

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

Reducing Barriers Across Industries Through Inclusive Design

Windows 11 Installation Assistant Download: 2025 Guide

Windows 11 Installation Assistant Download: 2025 Guide

Didn’t Receive Gears of War: Reloaded Code? Explainer

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

Fix Coming for Window Button Bug in Ubuntu 25.04

Now Generally Available: 7 New Resource Policies to Strengthen Atlas Security

Qualcomm fixes three Adreno GPU zero-days exploited in attacks

N|Solid 6.1.8: Major AI Upgrades, UX Enhancements, and Tracing Improvements

CVE-2025-5643 – “Radare2 Local Memory Corruption Vulnerability”

Fix Coming for Window Button Bug in Ubuntu 25.04

CVE-2025-46060 – TOTOLINK N600R Buffer Overflow Vulnerability

Siri 2.0 Delayed? Next-Gen AI Assistant Not Expected Until iOS 26.4 in Spring 2026

CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

Related Posts