Filtered by vendor Miniorange
Subscribe
Filtered by product Web3 - Crypto Wallet Login \& Nft Token Gating
Subscribe
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-3249 | 1 Miniorange | 1 Web3 - Crypto Wallet Login \& Nft Token Gating | 2023-12-10 | N/A | 9.8 CRITICAL |
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. |