CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

May 8, 2025

CVE ID : CVE-2025-2806

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3468 – NEX-Forms Stored Cross-Site Scripting Vulnerability

Next Article Il Processo di Avvio di un Sistema GNU/Linux: Dalla Scheda Madre al Sistema Operativo

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

Melissa brings its data quality solutions to Azure with new SSIS integration

Automating Design Systems: Tips And Resources For Getting Started

This $180 mini projector has no business being this good for the price

GPT-5 is finally here, and you can access it for free today – no subscription needed

Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

Advanced Application Architecture through Laravel’s Service Container Management

Advanced Application Architecture through Laravel’s Service Container Management

Switch Between Personas in Laravel With the MultiPersona Package

AI-Driven Smart Tagging and Metadata in AEM Assets

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Halo Infinite’s Fall Update: New Features and Modes to Revive the Game?

Forza Motorsport’s Future in Jeopardy: Fans Demand Clarity from Microsoft

CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October

Google Confirms Salesforce Database Breach by ShinyHunters Group

Critical Wazuh RCE (CVE-2025-24016) Actively Exploited by Mirai Botnets

Closing Deals Faster: The Future of Sales with AI & Personalization

How to Start a Career in Technical Writing by Contributing to Open Source

Perfect Pagination: Unlock UI Control with onEachSide

Rilasciata CachyOS Maggio 2025: Miglioramenti per GPU NVIDIA e Novità per il Gaming

CVE-2025-28032 – TOTOLINK Router Pre-Auth Buffer Overflow Vulnerability

SaveFBS Facebook Video Downloader

CVE-2025-43849 – Apache TTS Voice Conversion Framework Deserialization RCE

CVE-2025-2806 – TagDiv Composer WordPress Reflected Cross-Site Scripting

Related Posts