Unrated severityNVD Advisory· Published Nov 14, 2022· Updated Apr 30, 2025

tagDiv Composer < 3.5 - Unauthenticated Account Takeover

CVE-2022-3477

Description

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address

Affected products

tagDiv/tagDiv Composerv5
Range: 3.5
Tagdiv/Newspaperv5
Range: 12.1
tagDiv/Newsmagv5
Range: 5.2.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829efmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.051
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000