CVE-2022-3477

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address

El complemento de WordPress tagDiv Composer anterior a 3.5, requerido por el tema Newspaper WordPress anterior a 12.1 y el tema Newsmag de WordPress anterior a 5.2.2, no implementa correctamente la función de inicio de sesión de Facebook, lo que permite a atacantes no autenticados iniciar sesión como cualquier usuario con solo conocer su dirección de correo electrónico.

The tagDiv Composer plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, but not including, 3.5 due to improper implementation of the Facebook login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. This plugin is used in several themes such as Newspaper and Newsmag.

*Credits: Truoc Phan

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-12 CVE Reserved
2022-10-24 CVE Published
2024-06-06 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-287: Improper Authentication
CWE-288: Authentication Bypass Using an Alternate Path or Channel

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Newsmag Project Search vendor "Newsmag Project"		Newsmag Search vendor "Newsmag Project" for product "Newsmag"				< 5.2.2 Search vendor "Newsmag Project" for product "Newsmag" and version " < 5.2.2"		wordpress		Affected
Newspaper Project Search vendor "Newspaper Project"		Newspaper Search vendor "Newspaper Project" for product "Newspaper"				< 12.1 Search vendor "Newspaper Project" for product "Newspaper" and version " < 12.1"		wordpress		Affected
Tagdiv Composer Project Search vendor "Tagdiv Composer Project"		Tagdiv Composer Search vendor "Tagdiv Composer Project" for product "Tagdiv Composer"				< 3.5 Search vendor "Tagdiv Composer Project" for product "Tagdiv Composer" and version " < 3.5"		wordpress		Affected