What is CVE-2022-3477?

CVE-2022-3477 is a vulnerability in Tagdiv Newsmag, classified under Improper Authentication. Published 2022-11-14.

Is CVE-2022-3477 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Tagdiv Newsmag

CVE-2022-3477

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to…

Vulnerability class: Broken Authentication

EPSS: 0.635 (98.4th percentile) — read the EPSS interpretation.

Affected products

Tagdiv Newsmag — versions 5.2.2
Tagdiv Newspaper — versions 12.1
Tagdiv Composer — versions 3.5

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
truocphan/VulnBox

References

wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef

Frequently asked questions

What is CVE-2022-3477?: CVE-2022-3477 is a vulnerability in Tagdiv Newsmag, classified under Improper Authentication. Published 2022-11-14.
Is CVE-2022-3477 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.