3 matches found
CVE-2022-3907
CVE-2022-3907 affects the Clerk WordPress plugin prior to 4.0.0. Multiple connected sources describe a time-based issue in the API key validation function that compares keys against values stored in site options, enabling an authentication bypass/ API keys disclosure scenario (labeled in some rec...
CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...
CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options...