CVE-2023-6036

Name of the Vulnerable Software and Affected Versions Web3 WordPress plugin versions prior to 3.0.0

Description The issue is related to an authentication bypass due to incorrect authentication checking in the login flow. This is caused by vulnerabilities in the handle auth request and handle login request functions. An attacker can exploit this to log in as any existing user, including administrators, if they have access to the username. The vulnerability can be exploited by sending a specially crafted POST request.

Recommendations For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the handle auth request and handle login request functions until a patch is available. Restrict access to the login module to minimize the risk of exploitation.