The vulnerability in the tagDiv Composer WordPress plugin required by some themes allows unauthenticated attackers to login just by knowing a legit email address.
- TagDiv Composer
Yes. The necessary rules have been added to Imunify360 ModSecurity ruleset version 4.93.
The Facebook login feature is not properly implemented by the plugin, allowing unauthenticated account takeover.