Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2167 | 1 Tagdiv | 1 Newspaper | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-2627 | 1 Tagdiv | 1 Newspaper | 2023-12-10 | N/A | 6.1 MEDIUM |
| The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. | |||||
| CVE-2021-3135 | 1 Tagdiv | 1 Newspaper | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. | |||||
| CVE-2016-10972 | 1 Tagdiv | 1 Newspaper | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | |||||
| CVE-2017-18634 | 1 Tagdiv | 1 Newspaper | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | |||||