Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-3907
HistoryDec 05, 2022 - 4:50 p.m.

CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure

2022-12-0516:50:39
WPScan
www.cve.org
4
clerk
wordpress
plugin
authentication bypass
time-based attacks
api keys disclosure
cve-2022-3907

EPSS

0.002

Percentile

57.9%

JSON

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Clerk",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.0.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

nvd 1
prion 1
wpvulndb 1
wpexploit 1
patchstack 1
cve 1
nvd
nvd
CVE-2022-3907
2022-12-05 17:15:10
prion
prion
Cross site scripting
2022-12-05 17:15:00
wpvulndb
wpvulndb
Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
2022-11-10 00:00:00
wpexploit
wpexploit
Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
2022-11-10 00:00:00
patchstack
patchstack
WordPress Clerk plugin <= 3.8.2 - Auth. Bypass and API Keys Disclosure vulnerability
2022-11-10 00:00:00
cve
cve
CVE-2022-3907
2022-12-05 17:15:10

EPSS

0.002

Percentile

57.9%

JSON
Related for CVELIST:CVE-2022-3907
nvd1prion1wpvulndb1wpexploit1patchstack1cve1