CVE-2026-39712
MEDIUMWordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability
Title source: cnaDescription
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through <= 5.4.3.
Scores
CVSS v3
5.3
EPSS
0.0005
EPSS Percentile
16.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-80
Status
published
Products (1)
tagDiv/tagDiv Composer
< 5.4.3
Published
Apr 08, 2026
Tracked Since
Apr 08, 2026