CVE-2023-1596

Name
CVE-2023-1596
Description
The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a reflected cross-site scripting (XSS) vulnerability that could be used against high-privilege users such as admins.
NVD Severity
medium

References

Type  URI
MISC  https://wpscan.com/vulnerability/cada9be9-522a-4ce8-847d-c8fff2ddcc07

Match rules

CPE URI                                            Source package  Min version  Max version
cpe:2.3:a:tagdiv:composer:*:*:*:*:*:wordpress:*:*  composer        >= None      < 4.0

Vulnerable and fixed packages

Source package  Branch          Version   Maintainer                                   Status
composer        3.18-community  2.6.5-r0  Dave Hall <skwashd@gmail.com>                possibly vulnerable
composer        3.19-community  2.7.6-r0  Dave Hall <skwashd@gmail.com>                possibly vulnerable
composer        3.20-community  2.8.2-r0  Dave Hall <skwashd@gmail.com>                possibly vulnerable
composer        edge-community  2.8.3-r1  Paolo Barbolini <paolo.barbolini@m4ss.net>   possibly vulnerable