Filtered by vendor Tagdiv
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2167 | 1 Tagdiv | 1 Newspaper | 2022-11-01 | N/A | 6.1 MEDIUM |
| The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2627 | 1 Tagdiv | 1 Newspaper | 2022-11-01 | N/A | 6.1 MEDIUM |
| The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2021-24304 | 1 Tagdiv | 1 Newsmag | 2021-08-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2021-3135 | 1 Tagdiv | 1 Newspaper | 2021-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. | |||||
| CVE-2016-10972 | 1 Tagdiv | 1 Newspaper | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | |||||
| CVE-2017-18634 | 1 Tagdiv | 1 Newspaper | 2019-09-16 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | |||||