CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3249

The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.4%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2023-3249

Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: N/A

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:-
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 1.0.0

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.0
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 1.0.1

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.1
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 1.0.2

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.2
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 1.0.3

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.3
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 1.0.4

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.4
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 2.0.1

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.0.1
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 2.1.0

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.1.0
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 2.1.2

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.1.2
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 2.3.5

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.3.5
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 2.3.6

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.3.6
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 2.5.0

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.5.0
Miniorange » Web3 - Crypto Wallet Login & Nft Token Gating » Version: 2.6.0

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3249

Products

Pricing

Contact Us