9.8

CVE-2022-3477

Exploit

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address.
Possible mitigation
tagDiv Composer: Update to version 3.5, or a newer patched version
Newspaper - News & WooCommerce WordPress Theme: Update to version 12.1, or a newer patched version
Newsmag - Newspaper & Magazine WordPress Theme: Update to version 5.2.2, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Newsmag Project | Newsmag | SwPlatform: wordpress | Version < 5.2.2
Newspaper Project | Newspaper | SwPlatform: wordpress | Version < 12.1
Tagdiv Composer Project | Tagdiv Composer | SwPlatform: wordpress | Version < 3.5
Further vulnerability information
System: WordPress Plugin
Product: tagDiv Composer
Version: [*, 3.5)
System: WordPress Theme
Product: Newspaper - News & WooCommerce WordPress Theme
Version: *-12
System: WordPress Theme
Product: Newsmag - Newspaper & Magazine WordPress Theme
Version: *-5.2.1
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 3.55% | 0.878
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac
Third Party Advisory