WordPress Web3 – Crypto wallet Login & NFT token gating Plugin < 3.0.0 is vulnerable to Broken Authentication
Software: Web3 – Crypto wallet Login & NFT token gating; Type: Plugin; Vulnerable versions: < 3.0.0; Fixed in: 3.0.0; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-6036; Patch priority: Low; CVSS severity: Low 9.8; PSID: 9bc7bba9b677; Credits...
Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
Description: The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an...
CVE-2023-3249
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hiddenformdata' function. This makes it possible for authenticated attackers to log in as...
Authentication flaw
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hiddenformdata' function. This makes it possible for authenticated attackers to log in as...
WordPress Plugin Web3 – Crypto wallet Login & NFT token gating security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Web3 - Crypto wall...
WordPress Web3 – Crypto wallet Login & NFT token gating Plugin <= 2.6.0 is vulnerable to Bypass Vulnerability
Software: Web3 – Crypto wallet Login & NFT token gating; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.7.0; OWASP Top 10: A2: Broken Authentication; Classification: Bypass Vulnerability; CVE: CVE-2023-3249; Patch priority: High; CVSS severity: High 9.8; PSID: 137db20e70bb; Credits...
Upgraded Q -> 3 from #284 [1683017290576]
Judge has assessed an item in Issue 284 as 3 risk. The relevant finding follows: NFT tokens sent to the EthRouter contract by mistake can be drained by pool contracts. When someone calls sell, deposit or change functions on EthRouter contract, the contract gives the particular pool full approval...
Upgraded Q -> M from #445 [1674423223201]
Judge has assessed an item in Issue 445 as M risk. The relevant finding follows: 5 Function crossChain in GovNFT should have a limit for maximum tokens allowed to be transferred, because of gas limit in the dest chain. If a user transferred a lot of tokens because there were two loops inside each oth...
Malicious offerers can easily create lots of invalid offers
Lines of code. Vulnerability details. Impact: Creating an offer is pretty convenient in Seaport. Offerers don’t have to give the offered items to Seaport. They just need to make sure that when someone tries to fulfill their order, they already set the sufficient approvals. However, this convenience...
A previously timelocked NFT token becomes permanently stuck in vault if it’s ever moved back into the vault
Handle: 0xRajeev. Vulnerability details. Impact: Let’s consider a scenario where a particular NFT token was timelocked for a certain duration by the owner using timeLockERC721 with a delegate as the recipient and then transferred out of the vault by the delegate via transferERC721 but without unlocki...