WordPress · Web3 · CVE-2023-6036
**Name of the Vulnerable Software and Affected Versions**
Web3 WordPress plugin versions prior to 3.0.0
**Description**
This is an authentication bypass caused by incorrect authentication checking in the login flow, specifically in the `handle auth request` and `handle login request` functions. An attacker who knows a valid username can exploit it to log in as that user, including administrators, by sending a specially crafted POST request.
**Recommendations**
For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue.
As a temporary workaround, consider disabling the `handle auth request` and `handle login request` functions until the fixed version can be applied.
Restrict access to the login module to minimize the risk of exploitation.
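The first recommendation depends on knowing whether an installed copy is still below 3.0.0, and a plain string comparison of version numbers gets that wrong (for example, "2.10.1" or "10.0.0" sort incorrectly against "3.0.0"). The following added example, which is not part of this advisory or of the plugin, parses the JSON produced by `wp plugin list --format=json` and flags the plugin when its version is below the fixed release. The plugin slug `web3` and the sample plugin list are assumed placeholders constructed for the example.

```python
import json
import re

# Affected range stated by the advisory: every version before 3.0.0.
FIXED_VERSION = "3.0.0"

# Constructed sample of `wp plugin list --format=json` output. The slug
# "web3" is an assumed placeholder; check the real slug on the site.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "web3", "status": "active", "update": "available", "version": "2.10.1"},
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
])


def parse_version(version: str) -> tuple:
    """Turn a dotted version into a tuple of ints so that 2.10.1 < 3.0.0
    and 10.0.0 > 3.0.0 compare numerically rather than lexically.
    Missing components are padded with zeros (e.g. "3.1" -> (3, 1, 0))."""
    nums = tuple(int(p) for p in re.findall(r"\d+", version))
    return nums + (0,) * max(0, 3 - len(nums))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed release."""
    return parse_version(version) < parse_version(fixed)


def find_affected(wp_plugin_list_json: str, slug: str = "web3") -> list:
    """Return (slug, version) pairs for installed copies of the plugin
    that are still below the fixed version."""
    affected = []
    for plugin in json.loads(wp_plugin_list_json):
        if plugin.get("name") == slug and is_affected(plugin.get("version", "0")):
            affected.append((plugin["name"], plugin["version"]))
    return affected


if __name__ == "__main__":
    for name, version in find_affected(SAMPLE_WP_PLUGIN_LIST):
        print(f"{name} {version} is below {FIXED_VERSION}: update required")
```

On a live site, feed the function the real output of `wp plugin list --format=json` and the plugin's actual slug; a non-empty result means the site is still within the affected range and the update (or the temporary workaround above) is needed.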