
CVE-2022-3477 Scanner - Unauthorized Admin Access vulnerability in WordPress tagDiv Composer
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 2 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
The WordPress tagDiv Composer is a popular plugin used by websites employing the Newspaper and Newsmag themes. It is often utilized by content creators and editors for enhancing blog layouts without coding knowledge. The plugin offers various components like post grids, sliders, and image boxes for flexibility in design customization. Business owners, marketing professionals, and bloggers leverage this tool to improve the visual appeal of their sites. Its ease of use means that many websites, especially in the news and media industries, rely heavily on tagDiv Composer for efficient content management. As part of a broader toolset in WordPress, it integrates with social media platforms, including Facebook, for extended functionality.
This vulnerability allows unauthorized admin access through the WordPress tagDiv Composer plugin. Unauthenticated attackers can exploit a flaw in the Facebook login feature to log in as any user simply by knowing that user's email address. This is a critical risk because it bypasses the standard authentication process: WordPress authentication normally protects user accounts, but this flaw opens the site to control by unauthorized parties. The root of the issue is a significant flaw in the plugin's login procedure, so securing authentication processes is vital to prevent exploitation by malicious actors.
The technical issue stems from the improper implementation of the Facebook login feature in WordPress tagDiv Composer. Attackers can spoof valid login requests by sending unauthenticated POST requests to wp-admin/admin-ajax.php. The vulnerable endpoint accepts an email address without verifying the authenticity of the sender, allowing session hijacking. The vulnerable handler is selected by the 'action' parameter of the HTTP request, with the value 'td_ajax_fb_login_user'. Successful exploitation returns a 200 status code along with a success message in the response body. This highlights the need to verify all external input during authentication to prevent unauthorized access.
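Site owners can review request logs for the pattern described above. The following is an added example, not code from the scanner or the plugin: it assumes JSON-lines request records (for instance from a WAF or audit log that captures form bodies) with hypothetical field names src, method, url, body and status, and runs on constructed sample data.

```python
import json
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
FB_LOGIN_ACTION = "td_ajax_fb_login_user"

# Constructed sample records; the JSON field names are assumptions.
SAMPLE_LOG = """\
{"src":"198.51.100.7","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=td_ajax_fb_login_user","status":200}
{"src":"198.51.100.7","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=td_ajax_fb_login_user","status":200}
{"src":"203.0.113.9","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=heartbeat","status":200}
{"src":"203.0.113.20","method":"POST","url":"/blog/wp-admin/admin-ajax.php?action=td_ajax_fb_login_user","body":"","status":403}
{"src":"203.0.113.20","method":"GET","url":"/wp-admin/admin-ajax.php?action=td_ajax_fb_login_user","body":"","status":400}
truncated-line-not-json
"""

def extract_action(rec):
    """Return the admin-ajax 'action' value from the form body or query string."""
    form = parse_qs(rec.get("body") or "")
    query = parse_qs(urlsplit(rec.get("url") or "").query)
    return (form.get("action") or query.get("action") or [""])[0]

def find_fb_login_requests(log_text):
    """Return records that are POSTs to admin-ajax.php using the Facebook login action."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        path = urlsplit(rec.get("url") or "").path
        if (str(rec.get("method")).upper() == "POST"
                and path.endswith(AJAX_PATH)  # also matches sub-directory installs
                and extract_action(rec) == FB_LOGIN_ACTION):
            hits.append(rec)
    return hits

def summarize_by_source(hits):
    """Count matching requests per source address, and how many were answered with 200."""
    summary = {}
    for rec in hits:
        entry = summary.setdefault(rec.get("src", "unknown"), {"requests": 0, "status_200": 0})
        entry["requests"] += 1
        entry["status_200"] += rec.get("status") == 200
    return summary

if __name__ == "__main__":
    for src, counts in summarize_by_source(find_fb_login_requests(SAMPLE_LOG)).items():
        print(src, counts)
```

A 200 status alone does not confirm a successful login, since the text above pairs it with a success message in the response body, which request logs rarely record. Treat matches as leads to correlate with new sessions for the affected accounts.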
Possible effects of exploiting this vulnerability include unauthorized administrative access to the WordPress site. Attackers can gain full control over site settings, publish malicious content, or remove legitimate users. The compromise could lead to data breaches, violating user privacy and confidentiality. Websites might experience defacement or distribution of malware, affecting reputation and reliability. For e-commerce sites, the risk involves the exposure of sensitive customer data. Successful exploitation could also lead to backdoors being installed for later unauthorized intrusions.