Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-3477
PUBLISHED
More InfoOfficial Page
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
View Known Exploited Vulnerability (KEV) details
Published At-14 Nov, 2022 | 00:00
Updated At-30 Apr, 2025 | 19:15
Rejected At-
▼CVE Numbering Authority (CNA)
tagDiv Composer < 3.5 - Unauthenticated Account Takeover

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address

Affected Products
Vendor
tagDiv
Product
tagDiv Composer
Versions
Affected
  • From 3.5 before 3.5 (custom)
Vendor
tagDiv
Product
Newspaper
Versions
Affected
  • From 12.1 before 12.1 (custom)
Vendor
tagDiv
Product
Newsmag
Versions
Affected
  • From 5.2.2 before 5.2.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Truoc Phan
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef
N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287 Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found