Lucene search
WPScanCVELIST:CVE-2023-6036HistoryFeb 12, 2024 - 4:06 p.m.
CVE-2023-6036 Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
2024-02-1216:06:00
WPScan
www.cve.org
web3 wordpress plugin
authentication bypass
cve-2023-6036
non-authenticated attackers
administrator
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions ‘handle_auth_request’ and ‘hadle_login_request’. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Web3",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.0.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpexploit
wpexploit
prion
prion
Authentication flaw
2024-02-12 16:15:00
nvd
nvd
CVE-2023-6036
2024-02-12 16:15:07
wpvulndb
wpvulndb
cve
cve
CVE-2023-6036
2024-02-12 16:15:07
githubexploit
githubexploit
Exploit for CVE-2023-6036
2024-01-31 16:58:48