TagDiv 厂商漏洞列表 / CVE 中文分析 23

TagDiv 厂商相关 23 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

tagDiv 主要提供 WordPress 主题与插件开发服务，其核心产品用于构建企业级网站。截至最新统计，该厂商已收录 23 条 CVE，历史漏洞多集中于未授权访问、跨站脚本及远程代码执行，常因输入验证缺失或权限控制不严引发。部分插件曾存在敏感信息泄露风险，建议用户及时更新组件以修复已知缺陷，确保网站运行安全。

上位製品 TagDiv: tagDiv Composer tagDiv Opt-In Builder tagDiv Cloud Library

CVEs 23

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-39712	WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability — tagDiv ComposerCWE-80	5.3	Medium	2026-04-08
CVE-2026-39692	WordPress tagDiv Composer plugin <= 5.4.3 - Cross Site Scripting (XSS) vulnerability — tagDiv ComposerCWE-79	6.5	Medium	2026-04-08
CVE-2025-53222	WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability — tagDiv Opt-In BuilderCWE-79	7.1	High	2026-03-19
CVE-2025-50001	WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability — tagDiv ComposerCWE-79	7.1	High	2026-03-19
CVE-2025-50005	WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability — tagDiv ComposerCWE-79	6.5	Medium	2026-01-22
CVE-2025-62032	WordPress tagDiv Cloud Library plugin < 3.9.2 - Cross Site Scripting (XSS) vulnerability — tagDiv Cloud LibraryCWE-79	6.5	Medium	2025-11-06
CVE-2025-62031	WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability — tagDiv ComposerCWE-79	7.1	High	2025-11-06
CVE-2025-62030	WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability — tagDiv ComposerCWE-79	6.5	Medium	2025-11-06
CVE-2025-2806	tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data' — tagDiv ComposerCWE-79	6.1	Medium	2025-05-08
CVE-2025-3510	tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes — tagDiv ComposerCWE-79	6.4	Medium	2025-05-02
CVE-2025-2890	tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter — tagDiv Opt-In BuilderCWE-89	6.5	Medium	2025-04-30
CVE-2024-13645	TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation — tagDiv ComposerCWE-94	9.8	Critical	2025-04-04
CVE-2025-1705	tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting — tagDiv ComposerCWE-79	6.1	Medium	2025-03-28
CVE-2025-2804	tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' — tagDiv ComposerCWE-79	6.1	Medium	2025-03-28
CVE-2024-3886	tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] — tagDiv ComposerCWE-79	6.1	Medium	2024-08-31
CVE-2024-5212	tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] — tagDiv ComposerCWE-79	6.1	Medium	2024-08-31
CVE-2023-3416	tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection — tagDiv Opt-In BuilderCWE-89	7.2	High	2024-08-17
CVE-2023-3419	tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection — tagDiv Opt-In BuilderCWE-89	7.2	High	2024-08-17
CVE-2024-3813	tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode — tagDiv ComposerCWE-98	8.8	High	2024-06-15
CVE-2024-3814	tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta — tagDiv ComposerCWE-79	5.5	Medium	2024-06-15
CVE-2024-3888	tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode — tagDiv ComposerCWE-79	6.4	Medium	2024-06-04
CVE-2023-39166	WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) — tagDiv ComposerCWE-352	7.1	High	2023-11-13
CVE-2022-3477	tagDiv Composer < 3.5 - Unauthenticated Account Takeover — tagDiv ComposerCWE-287	8.1	-	2022-11-14

本页汇总了 TagDiv 厂商截至目前公开的全部 23 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

TagDiv 厂商漏洞列表 / CVE 中文分析 23

目標達成すべての支援者に感謝 — 100%達成しました！