Vulnerability in Web3
CVE-2023-6036
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authen…
EPSS: 0.563 (98.2th percentile)
Affected products
- Unknown Web3 — versions 0
References
- wpscan.com/vulnerability/7f30ab20-805b-422c-a9a5-21d39c570ee4/ (exploit, vdb-entry, technical-description)
Frequently asked questions
- What is CVE-2023-6036?
  CVE-2023-6036 is a vulnerability in Web3, classified under CWE-287 (Improper Authentication). Published 2024-02-12.
- Is CVE-2023-6036 known to be exploited?
  5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.