{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-53222", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-06-27T10:27:53.890Z", "datePublished": "2026-03-19T08:10:35.552Z", "dateUpdated": "2026-04-01T15:56:31.413Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "td-subscription", "product": "tagDiv Opt-In Builder", "vendor": "tagDiv", "versions": [{"changes": [{"at": "1.7.4", "status": "unaffected"}], "lessThanOrEqual": "1.7.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bonds | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:41:45.513Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.<p>This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:56:31.413Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/td-subscription/vulnerability/wordpress-tagdiv-opt-in-builder-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T14:57:50.487349Z", "id": "CVE-2025-53222", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:58:28.548Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-19T14:57:50.487349Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:58:18.896Z"}}], "cna": {"title": "WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bonds | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "tagDiv", "product": "tagDiv Opt-In Builder", "versions": [{"status": "affected", "changes": [{"at": "1.7.4", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.7.3"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress tagDiv Opt-In Builder Plugin to the latest available version (at least 1.7.4).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress tagDiv Opt-In Builder Plugin to the latest available version (at least 1.7.4).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/td-subscription/vulnerability/wordpress-tagdiv-opt-in-builder-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS.<p>This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-19T08:10:35.552Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53222", "state": "PUBLISHED", "dateUpdated": "2026-03-19T14:58:28.548Z", "dateReserved": "2025-06-27T10:27:53.890Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-19T08:10:35.552Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.3."}, {"lang": "es", "value": "La vulnerabilidad de Neutralizaci\u00f3n Incorrecta de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web ('cross-site scripting') en tagDiv tagDiv Opt-In Builder permite XSS Reflejado. Este problema afecta a tagDiv Opt-In Builder: desde n/d hasta 1.7.3."}], "id": "CVE-2025-53222", "lastModified": "2026-04-01T17:25:53.043", "metrics": {}, "published": "2026-03-19T09:16:15.873", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/td-subscription/vulnerability/wordpress-tagdiv-opt-in-builder-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.3]"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "tagDiv Opt-In Builder", "source": "cna", "vendor": "tagDiv"}, "product": "opt_in_builder", "vendor": "tagdiv"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-02T02:36:54.520462+00:00", "value": {"mitigation_remediation": ["Upgrade tagDiv Opt\u2011In Builder to a version newer than 1.7.3."], "summary": {"action": "Patch Now", "impact": "Reflected cross\u2011site scripting that allows execution of arbitrary client\u2011side code in users\u2019 browsers."}, "threat_synthesis": {"affected_systems": "The vulnerability affects the WordPress tagDiv Opt\u2011In Builder plugin for all releases from its earliest version through 1.7.3. Site administrators using any of these versions are exposed.", "description_and_impact": "Improper neutralization of input during web page generation in tagDiv Opt\u2011In Builder leads to reflected XSS. A crafted input can be reflected into a page and executed by a visitor\u2019s browser, potentially allowing attackers to steal session cookies, deface the site, or perform phishing attacks. This weakness falls under CWE\u201179, where user input is not safely encoded before output.", "risk_and_exploitability": "The EPSS score of less than 1% suggests a low likelihood of exploitation, and the issue is not listed in the CISA KEV catalog. However, reflected XSS can be activated by a simple URL or form injection, so an attacker only needs to persuade a user to visit a malicious link. The severity depends on the environment; in a typical site it could enable client\u2011side attacks but does not allow direct server compromise."}}}}, "created": "2026-03-20T08:57:11.076961+00:00", "updated": "2026-04-02T07:59:54.678155+00:00", "vendors": ["tagdiv", "tagdiv$PRODUCT$opt_in_builder", "wordpress", "wordpress$PRODUCT$wordpress"]}