The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` action and therefore reachable by unauthenticated users — accepts an attacker-supplied `account` POST parameter and issues a valid WordPress authentication cookie based solely on a substring check for `.near`, with no nonce verification, cryptographic signature validation, challenge-response exchange, or any proof that the requester controls the corresponding NEAR wallet. This makes it possible for unauthenticated attackers to log in as any existing WordPress user, including administrators, whose email address matches the deterministic `<account>@near.org` pattern derived from the supplied `account` value. If no matching user exists, the handler automatically creates and authenticates a new WordPress account for the attacker-controlled identifier, providing a further avenue for unauthorized account creation.
The Login with NEAR WordPress plugin, in versions up to and including 0.3.3, contains an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user by supplying a crafted account parameter. The vulnerability stems from insufficient validation in the ajaxLoginWithNear() function, which only checks for a .near substring and performs no cryptographic verification or nonce validation.
The Login with NEAR plugin for WordPress contains a serious vulnerability in the ajaxLoginWithNear() function, which accepts parameters from unauthenticated users without validating them. Attackers can use this flaw to log in as an administrator or to create new accounts without valid credentials.
The Login with NEAR WordPress plugin up to version 0.3.3 has an authentication bypass flaw that allows unauthenticated users to log in as administrators or create new accounts. The vulnerability stems from inadequate validation of the account parameter with no cryptographic checks or proper authentication mechanisms.
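As an added example (not the plugin's own source), the unsafe handler shape described above is shown next to a hardened two-step handler: the client first requests a single-use challenge, then proves wallet control with an ed25519 signature over it, checked with WordPress nonces and PHP's libsodium binding before any cookie is issued, and with no silent account creation. The AJAX action names, the `signature` and `nonce` POST fields, and the `near_lookup_public_key()` helper (which the site operator would implement against the NEAR network) are assumptions made for the example.

```php
<?php
/**
 * Added example, not the plugin's own code. Shows the unsafe shape the
 * advisory describes next to a hardened challenge-response handler.
 * Assumptions: the AJAX action names, the 'signature' and 'nonce' POST
 * fields, and the helper near_lookup_public_key() are hypothetical.
 */

// Unsafe shape described in the advisory: a substring check is the only
// "proof", and a cookie is issued for whichever user the email maps to.
function near_login_unsafe_shape() {
    $account = isset($_POST['account']) ? sanitize_text_field(wp_unslash($_POST['account'])) : '';
    if (strpos($account, '.near') === false) {
        wp_send_json_error('not a NEAR account');
    }
    $user = get_user_by('email', $account . '@near.org');
    // In the vulnerable handler a missing user is created rather than refused.
    if ($user) {
        wp_set_auth_cookie($user->ID); // no nonce, no signature, no challenge
    }
}

// Reads and validates the claimed account ID (NEAR account ID grammar:
// 2-64 chars, lowercase a-z, 0-9, '_' and '-', dot-separated labels).
function near_read_account() {
    $account = isset($_POST['account']) ? sanitize_text_field(wp_unslash($_POST['account'])) : '';
    $len = strlen($account);
    if ($len < 2 || $len > 64
        || !preg_match('/^(([a-z\d]+[-_])*[a-z\d]+\.)*([a-z\d]+[-_])*[a-z\d]+$/', $account)) {
        wp_send_json_error('invalid account id', 400);
    }
    return $account;
}

// Step 1: hand out a random, single-use challenge bound to the claimed account.
function near_ajax_challenge() {
    check_ajax_referer('near_login', 'nonce');
    $account   = near_read_account();
    $challenge = wp_generate_password(32, false);
    set_transient('near_chal_' . md5($account), $challenge, 2 * MINUTE_IN_SECONDS);
    wp_send_json_success(['challenge' => $challenge]);
}

// Step 2: log in only after an ed25519 signature over that challenge verifies
// against the account's registered key; never create users for unauthenticated callers.
function near_ajax_login_hardened() {
    check_ajax_referer('near_login', 'nonce');
    $account = near_read_account();

    $key       = 'near_chal_' . md5($account);
    $challenge = get_transient($key);
    delete_transient($key); // consumed on first use, success or failure

    $signature = isset($_POST['signature']) ? base64_decode((string) $_POST['signature'], true) : false;
    if ($challenge === false || $signature === false || strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        wp_send_json_error('missing or stale challenge/signature', 401);
    }

    // Hypothetical helper: returns the raw 32-byte ed25519 public key registered
    // for $account (e.g. looked up via the NEAR RPC), or null if unknown.
    $public_key = near_lookup_public_key($account);
    if ($public_key === null) {
        wp_send_json_error('unknown account', 401);
    }

    // Bind the signed message to this site and this account so a signature
    // obtained for another site or account cannot be replayed here.
    $message = home_url() . '|' . $account . '|' . $challenge;
    if (!sodium_crypto_sign_verify_detached($signature, $message, $public_key)) {
        wp_send_json_error('signature verification failed', 401);
    }

    $user = get_user_by('email', $account . '@near.org');
    if (!$user) {
        wp_send_json_error('no WordPress user is linked to this account', 403);
    }
    wp_set_current_user($user->ID);
    wp_set_auth_cookie($user->ID, false, is_ssl());
    wp_send_json_success(['user' => $user->user_login]);
}

add_action('wp_ajax_nopriv_near_challenge', 'near_ajax_challenge');
add_action('wp_ajax_nopriv_near_login', 'near_ajax_login_hardened');
```

The design point is that the nonce alone would not close the hole (nonces are issued to logged-out visitors too and only stop cross-site requests); what makes the login safe is that the server picks a fresh challenge, deletes it on first use, and accepts a cookie request only when the signature over that challenge verifies under the key actually registered to the claimed account.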
Immediately update the Login with NEAR plugin to version 0.3.4 or later. If immediate patching is not possible, disable the plugin entirely. Implement Web Application Firewall (WAF) rules to block requests to wp-admin/admin-ajax.php containing suspicious account parameters. Conduct a security audit of all WordPress user accounts and reset credentials for administrative accounts. Monitor WordPress authentication logs for suspicious login patterns and implement multi-factor authentication for all administrative users.
Update the Login with NEAR plugin to version 0.3.4 or later immediately. If updating is not possible, disable the plugin entirely. Apply web application firewall rules to filter suspicious requests. Conduct a comprehensive security audit of all user accounts and reset the passwords of administrative accounts. Monitor authentication logs and enable multi-factor authentication.