CVE-2024-5212

CVSS V2 None CVSS V3 None
Description
The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Overview
  • CVE ID
  • CVE-2024-5212
  • Assigner
  • Wordfence
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-08-31T04:29:19.112Z
  • Last Modified Date
  • 2024-08-31T04:29:19.112Z
History
Created Old Value New Value Data Type Notes
2024-08-31 13:05:09 Added to TrackCVE