CVE-2022-3477 Vulnerability Details

  /     /     /  

CVE-2022-3477 Metadata Quick Info

CVE Published: 14/11/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: WPScan | Vendor: tagDiv | Product: tagDiv Composer
Status : PUBLISHED

---

CVE-2022-3477 Description

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: CWE-287 Improper Authentication
Source: tagDiv

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).