9.8
CVE-2022-3477
- EPSS 63.46%
- Published 14.11.2022 15:15:49
- Last modified 30.04.2025 20:15:18
- Source contact@wpscan.com
tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address.
Possible mitigation
tagDiv Composer: Update to version 3.5, or a newer patched version
Newspaper - News & WooCommerce WordPress Theme: Update to version 12.1, or a newer patched version
Newsmag - Newspaper & Magazine WordPress Theme: Update to version 5.2.2, or a newer patched version
Further vulnerability information

| System | Product | Version |
|---|---|---|
| WordPress Plugin | tagDiv Composer | [*, 3.5) |
| WordPress Theme | Newspaper - News & WooCommerce WordPress Theme | *-12 |
| WordPress Theme | Newsmag - Newspaper & Magazine WordPress Theme | *-5.2.1 |

Data is provided by the National Vulnerability Database (NVD)
Newsmag Project ≫ Newsmag, SwPlatform: wordpress, Version < 5.2.2
Newspaper Project ≫ Newspaper, SwPlatform: wordpress, Version < 12.1
Tagdiv Composer Project ≫ Tagdiv Composer, SwPlatform: wordpress, Version < 3.5

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 63.46% | 0.984 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.