{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1705", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-25T23:40:03.384Z", "datePublished": "2025-03-28T08:23:44.395Z", "dateUpdated": "2026-04-08T16:43:32.192Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:32.192Z"}, "affected": [{"vendor": "tagDiv", "product": "tagDiv Composer", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve"}, {"url": "https://tagdiv.com/tagdiv-composer-page-builder-basics/"}, {"url": "https://themeforest.net/item/newspaper/5489609"}, {"url": "https://tagdiv.com/newspaper-changelog/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Truoc Phan"}], "timeline": [{"time": "2025-03-27T19:53:56.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-28T13:54:53.599431Z", "id": "CVE-2025-1705", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T13:55:01.328Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1705", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-28T13:54:53.599431Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T13:54:57.236Z"}}], "cna": {"title": "tagDiv Composer <= 5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "Truoc Phan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "tagDiv", "product": "tagDiv Composer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-27T19:53:56.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve"}, {"url": "https://tagdiv.com/tagdiv-composer-page-builder-basics/"}, {"url": "https://themeforest.net/item/newspaper/5489609"}, {"url": "https://tagdiv.com/newspaper-changelog/"}], "descriptions": [{"lang": "en", "value": "The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:43:32.192Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1705", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:43:32.192Z", "dateReserved": "2025-02-25T23:40:03.384Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-28T08:23:44.395Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento tagDiv Composer para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 5.3 incluida. Esto se debe a la falta o a una validaci\u00f3n incorrecta de nonce en la acci\u00f3n AJAX td_ajax_get_views. Esto permite que atacantes no autenticados inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-1705", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-28T09:15:13.917", "references": [{"source": "security@wordfence.com", "url": "https://tagdiv.com/newspaper-changelog/"}, {"source": "security@wordfence.com", "url": "https://tagdiv.com/tagdiv-composer-page-builder-basics/"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/newspaper/5489609"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:39:47.278122+00:00", "value": {"mitigation_remediation": ["Update tagDiv Composer to the latest version that includes correct nonce validation (any release newer than 5.3).", "If an update is not immediately available, remove or restrict access to the td_ajax_get_views AJAX action for non\u2011admin users or disable the plugin entirely until patched.", "Enhance site security by enforcing stringent strict\u2011mode content\u2011security policies that block inline scripts and by using a web\u2011application firewall to detect and block malicious CSRF attempts."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting via CSRF"}, "threat_synthesis": {"affected_systems": "WordPress installations running tagDiv Composer versions 5.3 or earlier are affected; the flaw exists in the core Composer plugin that is commonly bundled with themes such as Newspaper. Any site that has not applied a newer Composer release is vulnerable.", "description_and_impact": "The tagDiv Composer plugin for WordPress contains a Cross\u2011Site Request Forgery flaw in the td_ajax_get_views AJAX action. Because the plugin omits correct nonce validation, an unauthenticated attacker can build a forged request that, if a site administrator unknowingly triggers it, injects arbitrary JavaScript that is stored on the site. The resulting stored XSS can allow the attacker to hijack the administrator\u2019s session, deface content, or exfiltrate sensitive information. The weakness is a classic input\u2011validation flaw, classified as CWE\u201179.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity. EPSS is below 1\u202f%, suggesting rare exploitation, and the vulnerability is not listed in CISA KEV. Attackers need to trick an authenticated administrator into visiting a crafted URL to activate the CSRF request, implying a social\u2011engineering prerequisite rather than network\u2011level access. The risk remains moderate but could be elevated in high\u2011value sites where admins are frequently targeted."}}}}, "created": "2025-07-12T15:26:25.371948+00:00", "updated": "2026-04-22T17:45:22.924808+00:00", "vendors": ["tagdiv", "tagdiv$PRODUCT$tagdiv_composer", "wordpress", "wordpress$PRODUCT$wordpress"]}