CVE-2024-3815
- EPSS 0.25%
- Published 15.06.2024 02:15:51
- Last modified 21.11.2024 09:30:27
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-3888
- EPSS 0.31%
- Published 04.06.2024 05:15:49
- Last modified 21.11.2024 09:30:38
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. ...
CVE-2022-2167
- EPSS 0.47%
- Published 31.10.2022 16:15:10
- Last modified 07.05.2025 14:15:30
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.
CVE-2022-2627
- EPSS 23.64%
- Published 31.10.2022 16:15:10
- Last modified 08.05.2025 19:15:51
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting.
CVE-2021-3135
- EPSS 0.44%
- Published 19.07.2021 21:15:07
- Last modified 21.11.2024 06:20:58
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call.
CVE-2016-10972
- EPSS 60.49%
- Published 16.09.2019 17:15:10
- Last modified 21.11.2024 02:45:12
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
CVE-2017-18634
- EPSS 1.09%
- Published 16.09.2019 12:15:10
- Last modified 21.11.2024 03:20:32
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.