tagDiv — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting tagDiv. AI-powered Chinese analysis, POCs, and references for each vulnerability.

tagDiv operates primarily as a developer of WordPress plugins and themes, focusing on content management solutions like the Commerce Shop and News Mag. Security audits have identified twenty-three distinct Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem. Historically, these vulnerabilities predominantly involve Cross-Site Scripting (XSS), SQL injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper access controls. Several incidents highlight critical privilege escalation flaws that allow unauthenticated users to execute administrative actions or inject malicious scripts. The recurring nature of these defects suggests systemic issues in the development lifecycle regarding secure coding practices. While the company provides updates, the high volume of disclosed CVEs indicates a persistent risk for organizations relying on its plugins, necessitating rigorous patch management and security monitoring to mitigate potential exploitation of these known weaknesses in their web infrastructure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39712 | WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability | tagDiv Composer | CWE-80 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-39692 | WordPress tagDiv Composer plugin <= 5.4.3 - Cross Site Scripting (XSS) vulnerability | tagDiv Composer | CWE-79 | 6.5 | Medium | 2026-04-08 |
| CVE-2025-53222 | WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability | tagDiv Opt-In Builder | CWE-79 | 7.1 | High | 2026-03-19 |
| CVE-2025-50001 | WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | tagDiv Composer | CWE-79 | 7.1 | High | 2026-03-19 |
| CVE-2025-50005 | WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability | tagDiv Composer | CWE-79 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-62032 | WordPress tagDiv Cloud Library plugin < 3.9.2 - Cross Site Scripting (XSS) vulnerability | tagDiv Cloud Library | CWE-79 | 6.5 | Medium | 2025-11-06 |
| CVE-2025-62031 | WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability | tagDiv Composer | CWE-79 | 7.1 | High | 2025-11-06 |
| CVE-2025-62030 | WordPress tagDiv Composer plugin <= 5.4.1 - Cross Site Scripting (XSS) vulnerability | tagDiv Composer | CWE-79 | 6.5 | Medium | 2025-11-06 |
| CVE-2025-2806 | tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data' | tagDiv Composer | CWE-79 | 6.1 | Medium | 2025-05-08 |
| CVE-2025-3510 | tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | tagDiv Composer | CWE-79 | 6.4 | Medium | 2025-05-02 |
| CVE-2025-2890 | tagDiv Opt-In Builder <= 1.7 - Authenticated (Subscriber+) SQL Injection via subscriptionCouponId Parameter | tagDiv Opt-In Builder | CWE-89 | 6.5 | Medium | 2025-04-30 |
| CVE-2024-13645 | TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation | tagDiv Composer | CWE-94 | 9.8 | Critical | 2025-04-04 |
| CVE-2025-1705 | tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting | tagDiv Composer | CWE-79 | 6.1 | Medium | 2025-03-28 |
| CVE-2025-2804 | tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username' | tagDiv Composer | CWE-79 | 6.1 | Medium | 2025-03-28 |
| CVE-2024-3886 | tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] | tagDiv Composer | CWE-79 | 6.1 | Medium | 2024-08-31 |
| CVE-2024-5212 | tagDiv Composer <= 5.0 - Reflected Cross-Site Scripting via envato_code[] | tagDiv Composer | CWE-79 | 6.1 | Medium | 2024-08-31 |
| CVE-2023-3416 | tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection | tagDiv Opt-In Builder | CWE-89 | 7.2 | High | 2024-08-17 |
| CVE-2023-3419 | tagDiv Opt-In Builder <= 1.4.4 - Authenticated (Admin+) SQL Injection | tagDiv Opt-In Builder | CWE-89 | 7.2 | High | 2024-08-17 |
| CVE-2024-3813 | tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode | tagDiv Composer | CWE-98 | 8.8 | High | 2024-06-15 |
| CVE-2024-3814 | tagDiv Composer <= 4.8 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta | tagDiv Composer | CWE-79 | 5.5 | Medium | 2024-06-15 |
| CVE-2024-3888 | tagDiv Composer <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode | tagDiv Composer | CWE-79 | 6.4 | Medium | 2024-06-04 |
| CVE-2023-39166 | WordPress tagDiv Composer Plugin < 4.4 is vulnerable to Cross Site Request Forgery (CSRF) | tagDiv Composer | CWE-352 | 7.1 | High | 2023-11-13 |
| CVE-2022-3477 | tagDiv Composer < 3.5 - Unauthenticated Account Takeover | tagDiv Composer | CWE-287 | 8.1 | - | 2022-11-14 |

This page lists every published CVE security advisory associated with tagDiv. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.