All the vulnerabilites related to tagDiv - Newsmag
cve-2021-24304
Vulnerability from cvelistv5
Published
2021-08-09 10:04
Modified
2024-08-03 19:28
Severity ?
EPSS score ?
Summary
Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/bb71f2f9-76bd-43f4-a8c9-35771dd28dff | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/bb71f2f9-76bd-43f4-a8c9-35771dd28dff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Newsmag",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Truoc Phan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-09T10:04:04",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/bb71f2f9-76bd-43f4-a8c9-35771dd28dff"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Newsmag \u003c 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24304",
"STATE": "PUBLIC",
"TITLE": "Newsmag \u003c 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Newsmag",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Truoc Phan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/bb71f2f9-76bd-43f4-a8c9-35771dd28dff",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/bb71f2f9-76bd-43f4-a8c9-35771dd28dff"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24304",
"datePublished": "2021-08-09T10:04:04",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3477
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2025-04-30 19:15
Severity ?
EPSS score ?
Summary
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-3477",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T19:14:51.185195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T19:15:06.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tagDiv Composer",
"vendor": "tagDiv",
"versions": [
{
"lessThan": "3.5",
"status": "affected",
"version": "3.5",
"versionType": "custom"
}
]
},
{
"product": "Newspaper",
"vendor": "tagDiv",
"versions": [
{
"lessThan": "12.1",
"status": "affected",
"version": "12.1",
"versionType": "custom"
}
]
},
{
"product": "Newsmag",
"vendor": "tagDiv",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Truoc Phan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "tagDiv Composer \u003c 3.5 - Unauthenticated Account Takeover",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-3477",
"datePublished": "2022-11-14T00:00:00.000Z",
"dateReserved": "2022-10-12T00:00:00.000Z",
"dateUpdated": "2025-04-30T19:15:06.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}