Issue
The vulnerability in the tagDiv Composer WordPress plugin required by some themes allows unauthenticated attackers to login just by knowing a legit email address.
Environment
- Imunify360
- WordPress
- TagDiv Composer
- ModSecurity
Solution
Yes. The necessary rules have been added to Imunify360 ModSecurity ruleset version 4.93.
Cause
The Facebook login feature is not properly implemented by the plugin, allowing unauthenticated account takeover.
Comments
0 comments
Please sign in to leave a comment.