Reflected Cross-Site Scripting Vulnerability in tagDiv Composer Plugin for WordPress
CVE-2025-2806
6.1 MEDIUM
What is CVE-2025-2806?
The tagDiv Composer plugin for WordPress, used in the Newspaper theme, has a reflected cross-site scripting issue caused by inadequate input sanitization and output escaping. An attacker can manipulate the 'data' parameter to inject malicious scripts into web pages. No authentication is required: the attacker only needs to coax a legitimate user into clicking a deceptive link, at which point the injected script runs in that user's browser, leading to potential data breaches and compromised user accounts.
Affected Version(s)
tagDiv Composer * <= 5.3
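A defender can look for attempts against the 'data' parameter in web server access logs. The following is an added example, not code from tagDiv or from this advisory; it assumes combined-format access logs, and the log lines, request path and client addresses are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines (combined log format); path and hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /placeholder-path?data=hello HTTP/1.1" 200 512 "-" "UA"
203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /placeholder-path?data=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 734 "-" "UA"
203.0.113.9 - - [01/Jan/2025:10:00:09 +0000] "GET /placeholder-path?data=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 701 "-" "UA"
198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /placeholder-path?page=2&q=%3Cb%3E HTTP/1.1" 200 300 "-" "UA"
"""

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and patterns that should not appear unescaped in a reflected value.
MARKUP_RE = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, which is often used to slip past filters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_data_requests(log_text):
    """Return (client, decoded_value) for requests whose 'data' parameter carries markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name == "data":
                value = fully_decode(value)
                if MARKUP_RE.search(value):
                    hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_data_requests(SAMPLE_LOG):
        print(f"{client}\t{value}")
```

Access logs only record the query string, so a 'data' value sent in a request body will not appear here. Matches are leads for review rather than proof of exploitation, and updating the plugin past the affected versions remains the fix.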