Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
Description
The Web3 WordPress plugin before 3.0.0 contains an authentication bypass allowing unauthenticated attackers to log in as any user, including administrators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Web3 WordPress plugin before version 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow. The flaw resides in the functions handle_auth_request and hadle_login_request, which fail to properly verify the user's identity, allowing unauthenticated attackers to bypass authentication [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted login request to the vulnerable endpoints. The attacker only needs to know the username of an existing user (e.g., an administrator) to log in as that user without any prior authentication or user interaction [1].
Impact
Successful exploitation allows an attacker to log in as any existing user on the WordPress site, including administrators. This grants full access to the site, enabling the attacker to modify content, install malicious plugins, or take complete control of the site [1].
Mitigation
The vulnerability is fixed in version 3.0.0 of the Web3 plugin, released on 2024-01-17. Users should update to this version immediately. No other workarounds are available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WordPress/Web3 (tag: description)
Patches
No patches discovered yet.
References
[1] wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/ (tags: mitre, exploit, vdb-entry, technical-description)
News mentions
No linked articles in our index yet.