May 15, 2023, 1:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

back composer cross-site cve escape high parameter plugin privilege scripting wordpress wordpress plugin

Cybersecurity Consultant

@ Devoteam | Cité Mahrajène, Tunisia

GTI Manager of Cybersecurity Operations

@ Grant Thornton | Phoenix, AZ, United States

(Senior) Director of Information Governance, Risk, and Compliance

@ SIXT | Munich, Germany

Information System Security Engineer

@ Space Dynamics Laboratory | North Logan, UT

Intelligence Specialist (Threat/DCO) - Level 3

@ Constellation Technologies | Fort Meade, MD

Cybersecurity GRC Specialist (On-site)

@ EnerSys | Reading, PA, US, 19605