vulnerability

WordPress Theme: newsmag: CVE-2022-3477: Authentication Bypass Using an Alternate Path or Channel

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Oct 24, 2022	Dec 8, 2025	Dec 8, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Oct 24, 2022

Added

Dec 8, 2025

Modified

Dec 8, 2025

Description

The tagDiv Composer plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, but not including, 3.5 due to improper implementation of the Facebook login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. This plugin is used in several themes such as Newspaper and Newsmag.

Solution

newsmag-theme-cve-2022-3477

References

URL-https://www.cve.org/CVERecord?id=CVE-2022-3477
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac?source=api-prod
CVE-2022-3477
https://attackerkb.com/topics/CVE-2022-3477
CWE-287

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today