Skip to main content

Tagdiv Cloud Library

1 CVEs product

Monthly

CVE-2026-57733 HIGH This Week

Stored/DOM-based cross-site scripting in the tagDiv Cloud Library (td-cloud-library) WordPress plugin, versions up to and including 3.9.4, allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim interacts with a crafted input, per the CVSS PR:N/UI:R vector. Because the scope is changed (S:C), the injected script can affect resources beyond the vulnerable component - for example hijacking an authenticated administrator session. Reported by Patchstack; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Tagdiv Cloud Library
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Stored/DOM-based cross-site scripting in the tagDiv Cloud Library (td-cloud-library) WordPress plugin, versions up to and including 3.9.4, allows remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim interacts with a crafted input, per the CVSS PR:N/UI:R vector. Because the scope is changed (S:C), the injected script can affect resources beyond the vulnerable component - for example hijacking an authenticated administrator session. Reported by Patchstack; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Tagdiv Cloud Library
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy