CVE-2025-50001Cross-site Scripting in Composer

CWE-79Cross-site ScriptingCWE-755Improper Handling of Exceptional Conditions5 documents5 sources
Severity
9.8CRITICAL
No vector
EPSS
0.0%
top 88.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tagdiv Composer
Timeline
PublishedMar 19

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through <= 5.4.2.

Affected Packages1 packages

CVEListV5tagdiv/tagdiv_composer5.4.2

🔴Vulnerability Details

2
CVEList
WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability2026-03-19
GHSA
GHSA-xg86-h65x-2p6q: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer allows Reflected XSS2026-03-19

📋Vendor Advisories

1
Microsoft
net/mlx5: Fix error path in multi-packet WQE transmit2024-10-08

🕵️Threat Intelligence

1
Wiz
CVE-2025-50001 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-50001 — Cross-site Scripting in Composer | cvebase