tagDiv Composer
td-composerVulnerabilities:
16
Last Updated:
February 1, 2026
Active Installs:
n/a
Published
Title
Fixed in
CVSS
Published
2025-10-16
Fixed in
Fixed in 5.4.2
CVSS
6.4 (medium)
Published
2025-10-09
Fixed in
Fixed in 5.4.2
CVSS
7.2 (high)
Published
2025-05-07
Fixed in
Fixed in 5.4
CVSS
6.1 (medium)
Published
2025-05-01
Fixed in
Fixed in 5.4.1
CVSS
6.4 (medium)
Published
2025-04-03
Fixed in
Fixed in 5.4
CVSS
9.8 (critical)
Published
2025-03-27
Fixed in
Fixed in 5.4
CVSS
6.1 (medium)
Published
2025-03-27
Title
tagDiv Composer < 5.4 - Reflected Cross-Site Scripting via 'account_id' and 'account_username'
Fixed in
Fixed in 5.4
CVSS
6.1 (medium)
Published
2024-08-30
Fixed in
Fixed in 5.1
CVSS
6.1 (medium)
Published
2024-08-30
Fixed in
Fixed in 5.1
CVSS
6.1 (medium)
Published
2024-06-03
Fixed in
Fixed in 4.9
CVSS
6.4 (medium)
Published
2024-04-18
Fixed in
Fixed in 4.9
CVSS
8.8 (high)
Published
2024-04-18
Title
tagDiv Composer < 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
Fixed in
Fixed in 4.9
CVSS
5.5 (medium)
Published
2023-08-17
Fixed in
Fixed in 4.2
CVSS
8.8 (high)
Published
2023-08-17
Fixed in
Fixed in 4.2
CVSS
3.5 (low)
Published
2023-04-24
Fixed in
Fixed in 4.0
CVSS
7.1 (high)
Published
2022-10-24
Fixed in
Fixed in 3.5
CVSS
10.0 (critical)
WPScan 