Tagdiv Opt In Builder
Monthly
DOM-based cross-site scripting in the tagDiv Opt-In Builder WordPress plugin (td-subscription) affects all versions up to and including 1.7.4, allowing remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim interacts with a crafted link or page. The CVSS 3.1 scope-changed vector (7.1) reflects that injected script runs in the site's origin and can affect resources beyond the vulnerable component. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.
DOM-based cross-site scripting in the tagDiv Opt-In Builder WordPress plugin (td-subscription) affects all versions up to and including 1.7.4, allowing remote unauthenticated attackers to execute arbitrary JavaScript in a victim's browser when the victim interacts with a crafted link or page. The CVSS 3.1 scope-changed vector (7.1) reflects that injected script runs in the site's origin and can affect resources beyond the vulnerable component. No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.