CVE-2025-3510 – TagDiv Composer WordPress Stored Cross-Site Scripting Vulnerability

May 2, 2025

CVE ID : CVE-2025-3510

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in all versions up to, and including, 5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3709 – Agentflow from Flowring Technology Account Lockout Bypass Vulnerability

Next Article CVE-2025-1326 – Homey WordPress Missing Capability Check Data Deletion Vulnerability

CodeSOD: Using the Old Bean

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Manipulate Image URLs in Laravel with the Image Transform Package

Manipulate Image URLs in Laravel with the Image Transform Package

How cron and Task Scheduler work in Laravel

Laravel: Import Very Large CSV With Jobs and Queues

FOSS Weekly #25.25: Nitrux Hyprland, Joplin Tips, Denmark Ditching Microsoft, Tiling Moves and More Linux Stuff

FOSS Weekly #25.25: Nitrux Hyprland, Joplin Tips, Denmark Ditching Microsoft, Tiling Moves and More Linux Stuff

BrosTrend 5 Port 2.5GB Switch Review

Cuneo is a widget-like calculator and conversion tool

CVE-2025-3510 – TagDiv Composer WordPress Stored Cross-Site Scripting Vulnerability

CVE-2005-2347 – CVE-2022-1234: Apache Struts XML Entity Expansion (XXE) Vulnerability

CVE-2025-32896 – Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

Building a Legacy of Trust from Progressive Insurance to AWS

CVE-2024-12244 – GitLab EE Information Disclosure

Microsoft Copilot for Power Platform

CVE-2025-37827 – Here is a title for the vulnerability: “btrfs: RAID1 Profile Write Pointer Offset Mismatch NULL Pointer Dereference”

ChatGPT Now Recommends Products and Prices With New Shopping Features

How Deutsche Bahn redefines forecasting using Chronos models – Now available on Amazon Bedrock Marketplace

CVE-2025-41646: Critical Authentication Bypass in RevPi Webstatus Threatens Industrial Systems

Dems demand audit of CVE program as Federal funding remains uncertain

CVE-2025-3510 – TagDiv Composer WordPress Stored Cross-Site Scripting Vulnerability

Related Posts