Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tagDiv Composer — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in tagDiv Composer, with AI-generated Chinese analysis, references, and POCs.

Vendor: tagDiv

CVE IDTitleCVSSSeverityPublished
CVE-2026-39712 WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability CWE-80 6.1AIMediumAI2026-04-08
CVE-2026-39692 WordPress tagDiv Composer plugin <= 5.4.3 - Cross Site Scripting (XSS) vulnerability CWE-79 5.4AIMediumAI2026-04-08
CVE-2025-50001 WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 6.1 -2026-03-19
CVE-2025-50005 WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability CWE-79 6.5 Medium2026-01-22
CVE-2025-62031 WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability CWE-79 5.4 -2025-11-06
CVE-2025-62030 WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability CWE-79 5.4 -2025-11-06
CVE-2025-2806 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data' CWE-79 6.1 Medium2025-05-08
CVE-2025-3510 tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes CWE-79 6.4 Medium2025-05-02
CVE-2024-13645 TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation CWE-94 9.8 Critical2025-04-04
CVE-2025-1705 tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting CWE-79 6.1 Medium2025-03-28
CVE-2025-2804 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' CWE-79 6.1 Medium2025-03-28
CVE-2024-3886 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] CWE-79 6.1 Medium2024-08-31
CVE-2024-5212 tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] CWE-79 6.1 Medium2024-08-31
CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode CWE-98 8.8 High2024-06-15
CVE-2024-3814 tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta CWE-79 5.5 Medium2024-06-15
CVE-2024-3888 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode CWE-79 6.4 Medium2024-06-04
CVE-2023-39166 WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 7.1 High2023-11-13
CVE-2023-3170 tagDiv Composer < 4.2 - Admin+ Stored XSS 4.8 -2023-09-11
CVE-2023-3169 tagDiv Composer < 4.2 - Unauthenticated Stored XSS 6.1 -2023-09-11
CVE-2023-1596 tagDiv Composer < 4.0 - Reflected Cross-site Scripting 6.1 -2023-05-15
CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover CWE-287 8.1 -2022-11-14

All 21 known CVE vulnerabilities affecting tagDiv Composer with full Chinese analysis, references, and POCs where available.