EPSS
Percentile
56.7%
The plugin does not properly perform authentication in the ‘hidden_form_data’ function, allowing an unauthenticated user to log in as any existing user on the site, such as an administrator, if they have access to the username.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/web3-authentication/web3-crypto-wallet-login-nft-token-gating-260-authentication-bypass