CVE-2022-3477

CRITICAL EXPLOITED NUCLEI

Newsmag < 5.2.2 - Authentication Bypass

Description

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and the Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user just by knowing their email address.

Nuclei Templates (1)

WordPress tagDiv Composer < 3.5 - Authentication Bypass
CRITICAL VERIFIED by melmathari

Scores

CVSS v3 9.8
EPSS 0.6346
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2022-10-24
CWE CWE-287
Status published
Products (3)
newsmag_project/newsmag < 5.2.2
newspaper_project/newspaper < 12.1
tagdiv_composer_project/tagdiv_composer < 3.5
Published Nov 14, 2022
Tracked Since Feb 18, 2026