GCVE - cpe:2.3:a:tagdiv:newspaper:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:tagdiv:newspaper:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Tagdiv (`4e687ca4-50b6-55c5-bb8c-ca6764b542c0`)
Product	Newspaper (`dce6f421-51a0-52ee-a425-fd3c7ca979a5`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-3815`	vulnerable	2026-06-08 06:43:51.593048	Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta MEDIUM (5.5) The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-06-15T02:01:59.377Z Updated: 2026-04-08T16:59:50.532Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/6f0a332f-b761-44b3-86e8-82411455ba3e?source=cve https://themeforest.net/item/newspaper/5489609	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2627`	vulnerable	2026-06-08 05:43:35.913931	Newspaper < 12 - Reflected Cross-Site Scripting The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. Published: 2022-10-31T00:00:00.000Z Updated: 2025-05-08T19:09:27.046Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2167`	vulnerable	2026-06-08 05:42:50.379088	Newspaper < 12 - Reflected Cross-Site Scripting The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting Published: 2022-10-31T00:00:00.000Z Updated: 2025-05-07T13:25:48.460Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/ad35fbae-1e90-47a0-b1d2-f8d91a5db90e	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-18634`	vulnerable	2026-06-08 05:09:11.320930	Details available The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. Published: 2019-09-16T11:18:24.000Z Updated: 2024-08-05T21:28:55.743Z Open on db.gcve.eu Reference links https://blog.sucuri.net/2017/06/unwanted-shorte-st-ads-in-unpatched-newspaper-theme.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-10972`	vulnerable	2026-06-08 05:07:25.914309	Details available The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. Published: 2019-09-16T16:40:00.000Z Updated: 2024-08-06T03:47:33.553Z Open on db.gcve.eu Reference links https://wpvulndb.com/vulnerabilities/8852 https://www.exploit-db.com/exploits/39894	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.