CVE-2022-3477

Summary

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address

Affected Software

VendorProductVersion RangeStatus
tagDivtagDiv Composer3.5 < 3.5affected
tagDivNewspaper12.1 < 12.1affected
tagDivNewsmag5.2.2 < 5.2.2affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References