Back to search
CVE-2022-3907
Published: Dec 5, 2022
Modified: Apr 23, 2025
PUBLISHED
Description
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Clerk | affected 0 - < 4.0.0 |
References
https://wpscan.com/vulnerability/7920c1c1-709d-4b1f-ac08-f0a02ddb329c
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now