CVE-2023-39166 — Cross-Site Request Forgery in Composer

CWE-352 — Cross-Site Request Forgery CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA7.1

EPSS

0.1%

top 81.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tagdiv Composer

Timeline

PublishedNov 13

Description

Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS).This issue affects tagDiv Composer: from n/a before 4.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5tagdiv/tagdiv_composern/a — 4.4

▶NVDtagdiv/tagdiv_composer< 4.4

🔴Vulnerability Details

CVEList

WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF)↗2023-11-13

▶

GHSA

GHSA-p58v-p4q5-5r63: Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS)↗2023-11-13

▶