← Volver a CVEs
CVE-2022-3477
CRITICAL9.8
Descripcion
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/14/2022
Ultima modificacion4/30/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
newsmag_project:newsmagnewspaper_project:newspapertagdiv_composer_project:tagdiv_composer
Debilidades (CWE)
CWE-287CWE-287
Referencias
https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef(contact@wpscan.com)
https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.