CVE-2024-3813: 
WordPress vulnerability analysis and mitigation

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion (LFI) in versions up to and including 4.8. The vulnerability was discovered and disclosed on June 14, 2024. The issue affects the 'tdblocktitle' shortcode's 'blocktemplateid' attribute, which can be exploited by authenticated users with contributor-level permissions or higher (NVD).

The vulnerability allows authenticated attackers with contributor-level access to include and execute arbitrary files on the server through the 'tdblocktitle' shortcode's 'blocktemplateid' attribute. This enables the execution of any PHP code contained within those files. The vulnerability has been assigned a CVSS v3.1 score of 8.8 HIGH, indicating significant severity (Wordfence).

The exploitation of this vulnerability can lead to serious security breaches including bypass of access controls, unauthorized access to sensitive data, and potential code execution in cases where PHP files can be uploaded and included. This poses a significant risk to affected WordPress installations (NVD).

Website administrators should update the tagDiv Composer plugin to a version newer than 4.8 as soon as possible. The vulnerability has been patched in newer versions (TagDiv).