Vulnerability Details CVE-2023-6036
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.466
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-6036
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:-
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.0
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.1
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.2
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.3
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:1.0.4
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.0.1
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.1.0
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.1.2
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.3.5
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.3.6
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.5.0
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.6.0
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.7.0
-
cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_&_nft_token_gating:2.8.0