Lucene search
K

6 matches found

Patchstack
Patchstack
added 2024/02/13 12:0 a.m.17 views

WordPress Web3 – Crypto wallet Login & NFT token gating Plugin < 3.0.0 is vulnerable to Broken Authentication

Software Web3 – Crypto wallet Login & NFT token gating Type Plugin Vulnerable versions 3.0.0 Fixed in 3.0.0 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-6036 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID 9bc7bba9b677 Credits...

9.8CVSS6.6AI score0.01773EPSS
Exploits3References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/12 4:6 p.m.12 views

CVE-2023-6036 Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site,...

9.5AI score0.01773EPSS
Exploits3References1
Cvelist
Cvelist
added 2024/02/12 4:6 p.m.39 views

CVE-2023-6036 Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site,...

6.7AI score0.01773EPSS
Exploits3References1
CVE
CVE
added 2024/02/12 4:6 p.m.96 views

CVE-2023-6036

CVE-2023-6036 affects the Web3 WordPress plugin before 3.0.0. The root cause is incorrect authentication checking in the login flow, specifically in the functions "handle_auth_request" and "handle_login_request" (note: some sources spell the second as 'hadle_login_request'). This enables an unaut...

9.8CVSS6.6AI score0.01773EPSS
Exploits3References1Affected Software1
Circl
Circl
added 2024/02/01 11:3 a.m.6 views

CVE-2023-6036

creationtimestamp| type| source ---|---|--- 2024-02-01 11:03:14+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9891 2024-02-01 15:08:01+00:00| published-proof-of-concept| Telegram/bOqPtzHEO1ZVbaDJKoLdYxD4kMdbp1u8MWZoepA-pgrQ 2024-02-12 17:21:58+00:00| seen|...

9.8CVSS4.8AI score0.01773EPSS
Exploits3References3
GithubExploit
GithubExploit
added 2024/01/31 4:58 p.m.388 views

Exploit for Incorrect Authorization in Miniorange Web3_-_Crypto_Wallet_Login_\&_Nft_Token_Gating

CVE-2023-6036 POC about Wordpress plugin Web3 – Crypto wallet...

9.8CVSS6.7AI score0.01773EPSS
Exploits3
Rows per page
Query Builder