CVE-2026-57732 HIGH

CVE-2026-57732: WordPress tagDiv Opt-In Builder plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Vendor Tagdiv
Product tagDiv Opt-In Builder
Weakness CWE-79 · XSS
Published July 13, 2026
Last update July 13, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through <= 1.7.4.

Explanation of Vulnerability in Simple Terms

02Summary

tagDiv Opt-In Builder versions 1.7.4 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in visitors' browsers when they interact with the opt-in form. The vulnerability requires user interaction and can affect multiple users across the site. Update to a version newer than 1.7.4 to remediate.

What an attacker can do

03Attacker Capabilities

Inject malicious scripts that run in visitors' browsers when they interact with the opt-in form.

Potential impact on your site

04Site Impact

Visitors' browsers can be compromised; attackers may steal credentials, session tokens, or redirect users to malicious sites.

Conditions required to exploit

05Prerequisites

No authentication required. Visitor must interact with the affected opt-in form (click, submit, or view).

Key dates

06Disclosure timeline

July 13, 2026 CVE published
July 13, 2026 Record updated

Related vulnerabilities

08Related CVE