Lucene search
WPScanCVELIST:CVE-2022-3477HistoryNov 14, 2022 - 12:00 a.m.
CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-11-1400:00:00
CWE-287
WPScan
www.cve.org
cve-2022-3477
tagdiv composer
wordpress plugin
unauthenticated account takeover
newspaper theme
newsmag theme
facebook login
attackers
email address
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
CNA Affected
[
{
"vendor": "tagDiv",
"product": "tagDiv Composer",
"versions": [
{
"version": "3.5",
"status": "affected",
"lessThan": "3.5",
"versionType": "custom"
}
]
},
{
"vendor": "tagDiv",
"product": "Newspaper",
"versions": [
{
"version": "12.1",
"status": "affected",
"lessThan": "12.1",
"versionType": "custom"
}
]
},
{
"vendor": "tagDiv",
"product": "Newsmag",
"versions": [
{
"version": "5.2.2",
"status": "affected",
"lessThan": "5.2.2",
"versionType": "custom"
}
]
}
]Related
wpexploit
wpexploit
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-10-24 00:00:00
cve
cve
CVE-2022-3477
2022-11-14 15:15:49
wpvulndb
wpvulndb
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-10-24 00:00:00
patchstack
patchstack
nvd
nvd
CVE-2022-3477
2022-11-14 15:15:49
prion
prion
Improper access control
2022-11-14 15:15:00