PT-2021-19252 · Tagdiv · Tagdiv Newspaper Theme

Published 2021-07-19 · Updated 2021-07-28 · CVE-2021-3135

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

tagDiv Newspaper theme version 10.3.9.1

Description

The issue allows XSS via the td_block_id parameter in a td_ajax_block API call to the "wp-admin/admin-ajax.php" endpoint. This enables potential attackers to inject malicious scripts into the website.

Recommendations

For tagDiv Newspaper theme version 10.3.9.1, consider disabling the td_ajax_block API call or restricting access to the wp-admin/admin-ajax.php endpoint until a patch is available. Avoid using the td_block_id parameter in the affected API endpoint until the issue is resolved.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-3135

Affected Products

Tagdiv Newspaper Theme