Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from Vendor (Patchstack) · only source for this CVE.
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.4.
AnalysisAI
DOM-based cross-site scripting in the tagDiv Opt-In Builder WordPress plugin (td-subscription) affects all versions up to and including 1.7.4, allowing remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim interacts with a crafted link or page. The CVSS 3.1 scope-changed vector (7.1) reflects that injected script runs in the site's origin and can affect resources beyond the vulnerable component. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, audit all WordPress installations to identify deployments of td-subscription plugin versions 1.7.4 or earlier, and disable or remove the plugin immediately as an emergency measure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43379