Описание
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.2.2 (исключая)Версия до 12.1 (исключая)Версия до 3.5 (исключая)
Одно из
cpe:2.3:a:newsmag_project:newsmag:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:newspaper_project:newspaper:*:*:*:*:*:wordpress:*:*
cpe:2.3:a:tagdiv_composer_project:tagdiv_composer:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 98%
0.55323
Средний
9.8 Critical
CVSS3
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
около 3 лет назад
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address
EPSS
Процентиль: 98%
0.55323
Средний
9.8 Critical
CVSS3
Дефекты
CWE-287
CWE-287