CVE-2022-3907EPSS p54.4%

CVE-2022-3907CVE-2022-3907

clerk.io / clerk.io

Description

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS0.88% probability of exploitation · percentile 54.4% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-42349
CVE
CVE-2026-7458
CVE
CVE-2026-41248
CVE
CVE-2021-47984
CVE
CVE-2025-9243
CVE
CVE-2026-23899
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.