Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Web3_\-_crypto_wallet_login_\&_nft_token_gating
(Miniorange)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-12 | CVE-2023-6036 | The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | Web3_\-_crypto_wallet_login_\&_nft_token_gating | 9.8 | ||
| 2023-06-30 | CVE-2023-3249 | The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | Web3_\-_crypto_wallet_login_\&_nft_token_gating | 9.8 |