Clerk: Security Vulnerabilities
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
CVSS Score
9.0
EPSS Score
0.003
Published
2024-01-12
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-05