Browse all 3 CVE security advisories affecting Taggbox. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Taggbox is a social media aggregation platform that enables businesses to collect, curate, and display user-generated content from various social networks. Historically, the platform has been susceptible to cross-site scripting (XSS) vulnerabilities and remote code execution (RCE) flaws, often stemming from improper input validation and insecure deserialization. In 2021, a critical RCE vulnerability (CVE-2021-42347) allowed attackers to execute arbitrary code through crafted payloads. The platform has also faced privilege escalation issues, where authenticated users could gain elevated access. While no major public breaches have been documented, the consistent presence of multiple CVEs indicates ongoing security challenges in input handling and access control mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-38754 | WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability — TaggboxCWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2023-33215 | WordPress Taggbox plugin <= 3.3 - Broken Access Control vulnerability — TaggboxCWE-862 | 5.4 | Medium | 2024-12-13 |
| CVE-2023-45763 | WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF) — TaggboxCWE-352 | 5.4 | Medium | 2023-10-16 |
This page lists every published CVE security advisory associated with Taggbox. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.