The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tagdiv_composer | Tagdiv | * | 4.2 (excluding) |