CVE-2023-6036
Last modified
CVE-2023-6036 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.. EPSS estimates a 1.77% chance of exploitation in the next 30 days.
Description
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Miniorange | Web3 - Crypto Wallet Login \& Nft Token Gating | < 3.0.0 |
References
- https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-6036?
How severe is CVE-2023-6036?
How do I fix CVE-2023-6036?
Are you affected by CVE-2023-6036?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST