CVE-2022-3477

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

CVSS 9.8 CRITICALEPSS 3.5%CWE-287

Vexday Risk Score

43Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 9.8EPSS 3.5%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

14 nov 2022Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

tagDiv · Newsmag tagDiv · Newspaper tagDiv · tagDiv Composer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef