Lucene search
WPScanCVE-2022-3907HistoryDec 05, 2022 - 5:15 p.m.
CVE-2022-3907
2022-12-0517:15:10
CWE-203
WPScan
web.nvd.nist.gov
29
clerk
wordpress plugin
cve-2022-3907
time-based attacks
api
validation
security vulnerability
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
57.9%
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.
Affected configurations
Node
clerkclerk.ioRange<4.0.0wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "Clerk",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "4.0.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-3907
2022-12-05 17:15:10
prion
prion
Cross site scripting
2022-12-05 17:15:00
patchstack
patchstack
wpvulndb
wpvulndb
Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
2022-11-10 00:00:00
wpexploit
wpexploit
Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
2022-11-10 00:00:00
cvelist
cvelist
CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
2022-12-05 16:50:39
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
57.9%
Related for CVE-2022-3907