264 matches found

OSV
added 2022/11/14 3:15 p.m., 2 views

CVE-2022-3477

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

CVSS 9.8, AI score 5.8, EPSS 0.03546
Exploits 2, References 1

Prion
added 2022/11/14 3:15 p.m., 52 views

Improper access control

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

CVSS 7.5, AI score 9.4, EPSS 0.03546
Exploits 2, References 1, Affected Software 3

CVE
added 2022/11/14 12:0 a.m., 129 views

CVE-2022-3477

The CVE-2022-3477 issue affects the WordPress tagDiv Composer before 3.5, which is used by the Newspaper theme before 12.1 and Newsmag theme before 5.2.2. Root cause: improper implementation of the Facebook login feature, enabling unauthenticated attackers who know a user’s email address to log i...

CVSS 9.8, AI score 9.6, EPSS 0.03546
Exploits 2, References 1, Affected Software 3

Vulnrichment
added 2022/11/14 12:0 a.m., 3 views

CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

AI score 7.2, EPSS 0.03546
Exploits 2, References 1

CNNVD
added 2022/11/14 12:0 a.m., 3 views

WordPress plugin tagDiv Composer authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

CVSS 9.8, AI score 8.3, EPSS 0.03546
Exploits 2, References 3

Positive Technologies
added 2022/11/14 12:0 a.m., 3 views

PT-2022-22320

Name of the Vulnerable Software and Affected Versions: tagDiv Composer WordPress plugin versions prior to 3.5; Newspaper WordPress theme versions prior to 12.1; Newsmag WordPress theme versions prior to 5.2.2. Description: The issue concerns the improper implementation of the Facebook login feature,...

CVSS 9.8, AI score 7.2, EPSS 0.03546
Exploits 2, References 7

EUVD
added 2022/11/14 12:0 a.m., 3 views

EUVD-2022-42849

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

CVSS 9.8, AI score 9.4, EPSS 0.03546
Exploits 2, References 1

Cvelist
added 2022/11/14 12:0 a.m., 37 views

CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

AI score 9.7, EPSS 0.03546
Exploits 2, References 1

wpexploit
added 2022/10/24 12:0 a.m., 601 views

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

Description: The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address. Run the below command in the developer console of the web browser while being on the blog as an...

CVSS 9.8, AI score 9.7, EPSS 0.03546
Exploits 2

Patchstack
added 2022/10/24 12:0 a.m., 25 views

WordPress tagDiv Composer plugin < 3.5 - Unauthenticated Account Takeover vulnerability

Unauthenticated Account Takeover vulnerability discovered by Truoc Phan Techlab Corporation in WordPress tagDiv Composer plugin versions 3.5. Solution: Update the WordPress tagDiv Composer plugin to the latest available version (at least 3.5)...

CVSS 9.8, AI score 3.2, EPSS 0.03546
Exploits 2, References 1, Affected Software 1

VulnCheck KEV
added 2022/10/24 12:0 a.m., 0 views

VulnCheck KEV: CVE-2022-3477

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address...

CVSS 9.8, AI score 7.3, EPSS 0.03546
Exploits 2, References 1

CNVD
added 2021/07/21 12:0 a.m., 17 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-53935)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports the hosting of personal blog sites on PHP and MySQL servers. tagDiv Newspaper theme version 10.3.9.1 of WordPress has a cross-site scripting vulnerability that...

CVSS 6.1, AI score 0.6, EPSS 0.00828
Exploits 1, References 1

OSV
added 2021/07/19 9:15 p.m., 1 views

CVE-2021-3135

An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call...

CVSS 6.1, AI score 5.8
Exploits 0, References 2

Prion
added 2021/07/19 9:15 p.m., 23 views

Design/Logic Flaw

An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call...

CVSS 4.3, AI score 5.9, EPSS 0.00828
Exploits 1, References 2, Affected Software 1

CVE
added 2021/07/19 8:1 p.m., 76 views

CVE-2021-3135

The CVE-2021-3135 entry relates to the WordPress tagDiv Newspaper theme (version 10.3.9.1). The vulnerability is an XSS flaw exploitable via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. Public documents consistently describe it as a cross-site scripting issue aff...

CVSS 6.1, AI score 5.9, EPSS 0.00828
Exploits 1, References 2, Affected Software 1

CNNVD
added 2021/07/19 12:0 a.m., 2 views

WordPress cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports the hosting of personal blog sites on PHP and MySQL servers. tagDiv Newspaper theme version 10.3.9.1 of WordPress has a cross-site scripting vulnerability that...

CVSS 6.1, AI score 5.2, EPSS 0.00828
Exploits 1, References 2

Openbugbounty
added 2018/07/28 2:42 a.m., 12 views

ageliesergasias.gr XSS vulnerability

Open Bug Bounty ID: OBB-654798

Description | Value
---|---
Affected Website: | ageliesergasias.gr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | newspaper theme by tagdiv 8.1.1
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3...

Exploits 0

Openbugbounty
added 2018/07/23 2:24 p.m., 30 views

enggwave.com XSS vulnerability

Open Bug Bounty ID: OBB-652984

Description | Value
---|---
Affected Website: | enggwave.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | newspaper theme by tagdiv 8.1.1
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6....

Exploits 0

Openbugbounty
added 2018/03/09 4:12 p.m., 17 views

duta.co XSS vulnerability

Open Bug Bounty ID: OBB-577388

Description | Value
---|---
Affected Website: | duta.co
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | newspaper theme from tagdiv
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 6
Exploits 0

Openbugbounty
added 2018/02/06 3:29 p.m., 7 views

sneakerbardetroit.com XSS vulnerability

Open Bug Bounty ID: OBB-554092

Description | Value
---|---
Affected Website: | sneakerbardetroit.com
Vulnerable Application: | newspaper theme from tagdiv
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | ...

AI score 6.2
Exploits 0