CVE-2026-39712Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Composer

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 83.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tagdiv Composer
Timeline
PublishedApr 8

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through <= 5.4.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5tagdiv/tagdiv_composer5.4.3

🔴Vulnerability Details

2
GHSA
GHSA-hwgv-97jr-4gh8: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injectio2026-04-08
CVEList
WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability2026-04-08
CVE-2026-39712 — Tagdiv Composer vulnerability | cvebase