CVE-2023-6036

The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/	Exploit Third Party Advisory
https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_\&_nft_token_gating:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-02-12 16:15

Updated : 2025-05-06 19:15

NVD link : CVE-2023-6036

Mitre link : CVE-2023-6036

CVE.ORG link : CVE-2023-6036

JSON object : View

Products Affected

miniorange

web3_-_crypto_wallet_login_\&_nft_token_gating

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2023-6036", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-12T16:15:07.983", "references": [{"url": "https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username."}, {"lang": "es", "value": "El complemento Web3 de WordPress anterior a 3.0.0 es vulnerable a una omisi\u00f3n de autenticaci\u00f3n debido a una verificaci\u00f3n de autenticaci\u00f3n incorrecta en el flujo de inicio de sesi\u00f3n en las funciones 'handle_auth_request' y 'hadle_login_request'. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al nombre de usuario."}], "lastModified": "2025-05-06T19:15:59.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:miniorange:web3_-_crypto_wallet_login_\\&_nft_token_gating:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FE724F6F-FD10-4220-810D-AD1C286529B4", "versionEndExcluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}