CVSS Score of 10 (low)


Published Sep 11, 2023
Updated: Nov 7, 2023


CVE-2023-3170 is a vulnerability found in the tagDiv Composer WordPress plugin before version 4.2, which is used as a companion by the Newspaper and Newsmag themes from tagDiv. This vulnerability allows users with Admin privileges to perform Stored Cross-Site Scripting (XSS) attacks, even when the unfiltered_html capability is disallowed. The affected products are those using the tagDiv Composer plugin before version 4.2. To remediate this issue, it is recommended to update the plugin to version 4.2 or later. This vulnerability poses a medium threat level with a base severity score of 4.8 out of 10, and it requires high privileges and user interaction for exploitation. The impact on integrity and confidentiality is low, while the attack vector is through the network.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-3170 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options