Cross-site Scripting Vulnerability in tagDiv Composer by tagDiv
CVE-2025-62030

Currently unrated

Key Information:

Vendor

WordPress
Status
Tagdiv Composer
Vendor
CVE Published:
6 November 2025

What is CVE-2025-62030?

The tagDiv Composer product by tagDiv contains a vulnerability due to improper neutralization of input during web page generation, commonly known as Cross-site Scripting (XSS). This vulnerability affects versions of the composer up to and including 5.4.1, allowing attackers to inject malicious scripts into web pages viewed by users. Such exploitation can lead to unauthorized actions being performed on behalf of users, potentially compromising user data and site integrity.

Affected Version(s)

tagDiv Composer <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/td-c...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-62030 : Cross-site Scripting Vulnerability in tagDiv Composer by tagDiv