TagDiv Composer WordPress Plugin PHP Object Instantiation Vulnerability

Vulnerability

A vulnerability allowing arbitrary PHP object instantiation has been identified in the TagDiv Composer plugin for WordPress, affecting all versions through 5.3. This vulnerability allows unauthenticated attackers to instantiate PHP objects via the module parameter. While no known payload chain exists within the vulnerable software itself, the impact could be significant if another plugin or theme containing a payload chain is installed on the same site. In such cases, the vulnerability could potentially be exploited to delete arbitrary files, access sensitive data, or execute code, depending on the nature of the payload chain.

Impact

Exploitation of this vulnerability could lead to unauthorized PHP object instantiation, with potential for further exploitation if a payload chain is available through another plugin or theme.
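
The bug class described above, as an added illustration that is not TagDiv Composer's code: a request value used directly as a class name, next to an allowlisted form. All class, function and constant names are hypothetical, and UnrelatedSideEffect stands in for a class that another plugin or theme might load on the same site.

```php
<?php
// Constructed illustration of the bug class; not code from the plugin.

interface RenderableModule {
    public function render(array $atts): string;
}

final class HeadlineModule implements RenderableModule {
    public function render(array $atts): string {
        return '<h2>' . htmlspecialchars($atts['title'] ?? '', ENT_QUOTES) . '</h2>';
    }
}

// Hypothetical class from unrelated code: constructing it has a side effect,
// which is the property a payload chain depends on.
final class UnrelatedSideEffect {
    public static bool $constructed = false;
    public function __construct() { self::$constructed = true; }
}

// Unsafe pattern: the caller-supplied string selects which loaded class is
// constructed. The type check runs only after the constructor has executed.
function render_module_unsafe(string $module, array $atts): string {
    $obj = new $module();
    return $obj instanceof RenderableModule ? $obj->render($atts) : '';
}

// Hardened pattern: the caller-supplied string is only a lookup key into a
// fixed map, so the class name never originates from the request.
const MODULE_ALLOWLIST = ['headline' => HeadlineModule::class];

function render_module_safe(string $module, array $atts): string {
    if (!array_key_exists($module, MODULE_ALLOWLIST)) {
        return ''; // unknown key: nothing is instantiated
    }
    $class = MODULE_ALLOWLIST[$module];
    return (new $class())->render($atts);
}

// Constructed inputs standing in for the request's "module" parameter.
echo render_module_safe('headline', ['title' => 'Hello']), PHP_EOL;
render_module_safe('UnrelatedSideEffect', []);
echo 'after safe call:   ', var_export(UnrelatedSideEffect::$constructed, true), PHP_EOL;
render_module_unsafe('UnrelatedSideEffect', []);
echo 'after unsafe call: ', var_export(UnrelatedSideEffect::$constructed, true), PHP_EOL;
```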

Remediation

Users are advised to update the TagDiv Composer plugin to version 5.4 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.0
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.