WordPress Plugin Clerk Security Bypass - CVE-2022-3907 - Vulnerability Database

WordPress Plugin Clerk Security Bypass - CVE-2022-3907

Critical

Reference: CVE-2022-3907

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-3907

Title: WordPress Plugin Clerk Security Bypass

Overview:

WordPress Plugin Clerk is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. WordPress Plugin Clerk version 3.8.3 is vulnerable prior versions may also be affected.