CVE-2026-57733
Received Received - Intake

DOM-Based XSS in tagDiv Cloud Library

Vulnerability report for CVE-2026-57733, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Cloud Library td-cloud-library allows DOM-Based XSS.This issue affects tagDiv Cloud Library: from n/a through <= 3.9.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tagdiv tagdiv_cloud_library to 3.9.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57733 is a Cross-site Scripting (XSS) vulnerability found in the WordPress tagDiv Cloud Library Plugin versions 3.9.4 and below. It occurs due to improper neutralization of input during web page generation, specifically a DOM-Based XSS issue. This means that attackers can inject malicious scripts into web pages generated by the plugin.

When a visitor accesses a compromised site, these malicious scripts can execute in their browser, potentially causing harmful effects such as redirects, displaying unwanted advertisements, or other malicious HTML payloads.

Exploitation requires user interaction, like clicking a malicious link or visiting a specially crafted page.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject and execute malicious scripts on your website visitors' browsers. This can lead to several harmful consequences including:

  • Redirecting visitors to malicious or phishing websites.
  • Displaying unwanted or harmful advertisements.
  • Executing other malicious HTML or JavaScript payloads that could compromise user data or site integrity.

Because the attack requires user interaction, it can be used in mass-exploit campaigns targeting many websites, increasing the risk of widespread impact.

Until an official patch is released, mitigation rules are recommended to block attacks.

Detection Guidance

The vulnerability in the tagDiv Cloud Library Plugin allows attackers to inject malicious scripts that execute when users interact with crafted pages or links. Detection typically involves monitoring for unusual or suspicious script injections or unexpected redirects in web traffic.

Since the vulnerability is DOM-based Cross-site Scripting (XSS), detection can include analyzing HTTP requests and responses for suspicious payloads or script tags that are not properly neutralized.

Specific commands or tools are not provided in the available resources, but general approaches include using web vulnerability scanners that detect XSS, inspecting web server logs for suspicious query parameters, and employing browser developer tools to monitor DOM changes triggered by user input.

Mitigation Strategies

Immediate mitigation steps include updating the tagDiv Cloud Library Plugin to a version above 3.9.4 once an official patch is released.

Until an official fix is available, applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability is advised.

Additionally, seeking assistance from your hosting provider or a developer to implement temporary protective measures can help reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57733. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart