The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
History

Tue, 08 Oct 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Miniorange
Miniorange web3 - Crypto Wallet Login \& Nft Token Gating
Weaknesses CWE-863
CPEs cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_\&_nft_token_gating:*:*:*:*:*:wordpress:*:*
Vendors & Products Miniorange
Miniorange web3 - Crypto Wallet Login \& Nft Token Gating
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-02-12T16:06:00.820Z

Updated: 2024-08-02T08:21:17.074Z

Reserved: 2023-11-08T17:10:19.079Z

Link: CVE-2023-6036

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-02-12T16:15:07.983

Modified: 2024-11-21T08:43:01.150

Link: CVE-2023-6036

cve-icon Redhat

No data.