🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

tagDiv Composer

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > tagDiv Composer

Information

Software Type	Plugin
Software Slug	td-composer
Software Status	Active
Software Author	tagDiv
Software Website	tagdiv.com
Software Record Last Updated	April 16, 2024

8 Vulnerabilities

tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode

6.4

CVE-2024-3888

Jun 3, 2024

Researcher: Truoc Phan

tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

5.5

CVE-2024-3814

Apr 18, 2024

Researcher: István Márton

tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

8.8

CVE-2024-3813

Apr 18, 2024

Researcher: István Márton

tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-3170

Aug 17, 2023

Researcher: Truoc Phan

tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2023-3169

Aug 17, 2023

Researcher: Truoc Phan

tagDiv Composer < 4.4 - Cross-Site Request Forgery to Cross-Site Scripting

6.1

CVE-2023-39166

Jul 25, 2023

Researcher: Truoc Phan

tagDiv Composer < 4.0 - Reflected Cross-Site Scripting via ‘td_video_url’

6.1

CVE-2023-1596

Apr 17, 2023

Researcher: Truoc Phan

tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation

9.8

CVE-2022-3477

Oct 24, 2022

Researcher: Truoc Phan

Title	Status	CVE ID	CVSS	Researchers	Date
tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode	Patched	CVE-2024-3888	6.4	Truoc Phan	June 3, 2024
tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta	Patched	CVE-2024-3814	5.5	István Márton	April 18, 2024
tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode	Patched	CVE-2024-3813	8.8	István Márton	April 18, 2024
tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting	Patched	CVE-2023-3170	4.4	Truoc Phan	August 17, 2023
tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2023-3169	7.2	Truoc Phan	August 17, 2023
tagDiv Composer < 4.4 - Cross-Site Request Forgery to Cross-Site Scripting	Patched	CVE-2023-39166	6.1	Truoc Phan	July 25, 2023
tagDiv Composer < 4.0 - Reflected Cross-Site Scripting via ‘td_video_url’	Patched	CVE-2023-1596	6.1	Truoc Phan	April 17, 2023
tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation	Patched	CVE-2022-3477	9.8	Truoc Phan	October 24, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation