Unrated severityNVD Advisory· Published Nov 14, 2022· Updated Apr 30, 2025
tagDiv Composer < 3.5 - Unauthenticated Account Takeover
CVE-2022-3477
Description
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Range: <5.2.2
- tagDiv/Newsmagv5Range: 5.2.2
- Range: 3.5
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.