Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Newspaper
(Tagdiv)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-10-31 | CVE-2022-2167 | The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting | Newspaper | 6.1 | ||
| 2022-10-31 | CVE-2022-2627 | The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. | Newspaper | 6.1 | ||
| 2021-07-19 | CVE-2021-3135 | An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. | Newspaper | 6.1 | ||
| 2019-09-16 | CVE-2017-18634 | The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. | Newspaper | N/A | ||
| 2019-09-16 | CVE-2016-10972 | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | Newspaper | N/A |