CVE-2025-1705

Name of the Vulnerable Software and Affected Versions tagDiv Composer plugin for WordPress versions prior to 5.3

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation within the td ajax get views AJAX action. This allows unauthenticated attackers to inject malicious web scripts via a forged request if they can trick a site administrator into performing a specific action, such as clicking on a link.

Recommendations For versions prior to 5.3, update to version 5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the td ajax get views AJAX action to minimize the risk of exploitation.