Cross-site Scripting Vulnerability in tagDiv Composer by tagDiv
CVE-2025-62030

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Tagdiv Composer
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-62030?

The tagDiv Composer product by tagDiv contains a vulnerability due to improper neutralization of input during web page generation, commonly known as Cross-site Scripting (XSS). This vulnerability affects versions of the composer up to and including 5.4.1, allowing attackers to inject malicious scripts into web pages viewed by users. Such exploitation can lead to unauthorized actions being performed on behalf of users, potentially compromising user data and site integrity.

Affected Version(s)

tagDiv Composer <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/td-c...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Oct 7, 2025

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program

JSON