Tagdiv Cloud Library
Monthly
Stored/DOM-based cross-site scripting in the tagDiv Cloud Library (td-cloud-library) WordPress plugin, versions up to and including 3.9.4, allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim interacts with a crafted input, per the CVSS PR:N/UI:R vector. Because the scope is changed (S:C), the injected script can affect resources beyond the vulnerable component - for example hijacking an authenticated administrator session. Reported by Patchstack; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Stored/DOM-based cross-site scripting in the tagDiv Cloud Library (td-cloud-library) WordPress plugin, versions up to and including 3.9.4, allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim interacts with a crafted input, per the CVSS PR:N/UI:R vector. Because the scope is changed (S:C), the injected script can affect resources beyond the vulnerable component - for example hijacking an authenticated administrator session. Reported by Patchstack; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.