Hacker News: sandeep1338's comments

WonderCMS 3.1.3 is vulnerable to authenticated server-side request forgery (SSRF) through the installed themes and plugins. An attacker needs a legitimate authenticated session on the CMS to exploit the vulnerability.
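The comment above describes the bug class (an authenticated user supplies a URL that the server then fetches) without showing what a fix looks like. The following is an added example, written for this page and not taken from WonderCMS or the advisory, of the destination check a server-side fetcher should run before any request is made. The resolver is injectable so the block runs offline against a constructed lookup table; the host allow-list, the table contents and the function names are assumptions for the example.

```python
"""SSRF guard for server-side URL fetches (added example, not WonderCMS code).

Validates scheme, credentials and host, then checks every address the host
resolves to, so that a name with one public and one internal A record, an
IPv4-mapped IPv6 loopback, or the cloud metadata address all get rejected.
"""
import ipaddress
import socket
from typing import Callable, Iterable, NamedTuple, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class Verdict(NamedTuple):
    ok: bool
    reason: str
    addresses: list  # resolved IPs; pin these when connecting (see note below)


def default_resolver(host: str) -> list:
    """Resolve a hostname to all of its A/AAAA records (needs network)."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918 / ULA, link-local (which covers the
    169.254.169.254 metadata endpoint), unspecified and multicast.
    """
    addr = ipaddress.ip_address(ip)
    # ::ffff:127.0.0.1 is loopback dressed up as IPv6; unwrap before judging.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_global and not addr.is_multicast


def check_fetch_target(
    url: str,
    resolver: Callable[[str], Iterable[str]] = default_resolver,
    allowed_hosts: Optional[set] = None,
) -> Verdict:
    """Decide whether `url` may be fetched by the server on a user's behalf."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return Verdict(False, f"unparseable URL: {exc}", [])
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return Verdict(False, f"scheme not allowed: {parts.scheme!r}", [])
    if parts.username or parts.password:
        return Verdict(False, "credentials in URL are not allowed", [])
    host = parts.hostname
    if not host:
        return Verdict(False, "missing host", [])
    host = host.lower().rstrip(".")
    if allowed_hosts is not None and host not in allowed_hosts:
        return Verdict(False, f"host not on allow-list: {host}", [])

    # Literal IPs are judged directly; names are resolved and every record checked.
    try:
        ipaddress.ip_address(host)
        addrs = [host]
    except ValueError:
        try:
            addrs = list(resolver(host))
        except (socket.gaierror, OSError) as exc:
            return Verdict(False, f"resolution failed for {host}: {exc}", [])
    if not addrs:
        return Verdict(False, f"{host} has no addresses", [])
    for ip in addrs:
        if not is_public_address(ip):
            return Verdict(False, f"{host} resolves to non-public address {ip}", [])
    return Verdict(True, "ok", addrs)


# Constructed lookup table so the example runs offline; not real DNS data.
FAKE_DNS = {
    "github.com": ["140.82.112.3"],
    "metadata.example": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(host: str) -> list:
    """Stand-in for default_resolver backed by FAKE_DNS."""
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed table has no record for {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for u in ("https://github.com/x/theme.zip", "http://127.0.0.1:8080/",
              "http://[::ffff:127.0.0.1]/", "http://metadata.example/latest/",
              "http://rebind.example/", "ftp://github.com/"):
        print(u, "->", check_fetch_target(u, resolver=fake_resolver))
```

Two caveats the check alone does not close: the name can be re-resolved to an internal address between this check and the actual connection (DNS rebinding), so connect to the pinned `addresses` and send the hostname only as the Host header and SNI; and an HTTP redirect is a second fetch, so either disable redirects or re-run the check on every hop.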


Thank you for the comment. In fact, the government is forcing eCommerce and SaaS companies, merchants, and banks to implement a strong customer authentication solution. You can read about PSD2 compliance and NIST 800-63B.

First, AuthSafe allows multiple user logins from the same device, and the cognitive engine looks for malicious user behavior on devices. If there are no malicious signals or activities, users on the same device will be able to access it smoothly. If all of them are safe users, it's perfectly fine for them to share the same device.

Second, yes, people can access the services from public places, and each time the user's authentication will be treated as coming from a new device, which is not an issue unless he cannot verify his identity. Public places are easy targets for hackers and fraudsters to steal authentication details and commit further fraud such as warranty fraud or policy abuse. You can read the details here: https://krebsonsecurity.com/2016/01/account-takeovers-fuelin...

Users who log in to sensitive services from public places are highly prone to ATOs. When AuthSafe says "locations", that means if the user has not logged in from his usual location, the login will be flagged for verification. Users of lower socioeconomic status do not jump from one country's IP address to another country's IP address.

The solution has been built to reduce fraud risk frictionlessly. AuthSafe will continue to focus on that.
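The reply above lists the signals it relies on (an unknown device, an unusual location, a jump between countries, and device-level behavior) but not how they combine into a decision. The block below is an added example written for this page; it is not AuthSafe's engine or code. It replays a constructed login history through a minimal risk engine and returns allow / verify / deny for each attempt. The thresholds, the device-level "many accounts on one device" signal, the event fields and the `demo()` script are all assumptions for the example.

```python
"""Minimal risk-based step-up check (added example, not AuthSafe's code).

Signals, following the comment above:
  * device never seen for this user      -> step-up verification
  * country never seen for this user     -> step-up verification
  * two countries faster than travel     -> deny (account takeover pattern)
  * many accounts through one device     -> deny (assumed signal, credential
                                            stuffing); ordinary device sharing
                                            stays far below the threshold
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Login:
    user: str
    device_id: str   # stable device fingerprint; assumed supplied by the client layer
    country: str     # from IP geolocation; assumed done upstream
    ts: datetime


@dataclass
class UserProfile:
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    last_confirmed: Optional[Login] = None


# Policy thresholds: assumptions for this example, not AuthSafe's values.
MIN_COUNTRY_HOP = timedelta(hours=2)   # a country change faster than this is impossible travel
DEVICE_WINDOW = timedelta(hours=1)
MAX_ACCOUNTS_PER_DEVICE = 5            # distinct accounts seen on one device within the window


class RiskEngine:
    def __init__(self) -> None:
        self.profiles: dict = {}         # user -> UserProfile
        self.device_attempts: dict = {}  # device_id -> recent Login attempts, any user

    def evaluate(self, login: Login) -> tuple:
        """Score one attempt: returns (decision, reasons), decision in
        {'allow', 'verify', 'deny'}.  Records the attempt against the device but
        does not trust it for the user until confirm() is called."""
        prof = self.profiles.setdefault(login.user, UserProfile())
        reasons = []
        hard_block = False

        # A user's first ever login has nothing to compare against: it enrols.
        if prof.devices and login.device_id not in prof.devices:
            reasons.append(f"unknown device {login.device_id}")
        if prof.countries and login.country not in prof.countries:
            reasons.append(f"unusual location {login.country}")

        last = prof.last_confirmed
        if last and last.country != login.country and login.ts - last.ts < MIN_COUNTRY_HOP:
            reasons.append(f"country hop {last.country}->{login.country} in {login.ts - last.ts}")
            hard_block = True

        # Device-level signal: count distinct accounts on this device in the window.
        recent = [a for a in self.device_attempts.get(login.device_id, [])
                  if login.ts - a.ts <= DEVICE_WINDOW]
        recent.append(login)
        self.device_attempts[login.device_id] = recent
        accounts = {a.user for a in recent}
        if len(accounts) > MAX_ACCOUNTS_PER_DEVICE:
            reasons.append(f"{len(accounts)} accounts on device {login.device_id} within {DEVICE_WINDOW}")
            hard_block = True

        if hard_block:
            return "deny", reasons
        return ("verify" if reasons else "allow"), reasons

    def confirm(self, login: Login) -> None:
        """Call after an 'allow', or after a 'verify' step-up succeeded."""
        prof = self.profiles.setdefault(login.user, UserProfile())
        prof.devices.add(login.device_id)
        prof.countries.add(login.country)
        prof.last_confirmed = login


def demo() -> list:
    """Replay a constructed login history; returns [(decision, reasons), ...]."""
    eng = RiskEngine()
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    script = [
        Login("alice", "dev-1", "IN", t0),                                   # enrolment
        Login("alice", "dev-1", "IN", t0 + timedelta(days=1)),               # routine
        Login("bob",   "dev-1", "IN", t0 + timedelta(days=1, minutes=5)),    # shared device, fine
        Login("alice", "dev-2", "IN", t0 + timedelta(days=2)),               # new device
        Login("alice", "dev-1", "US", t0 + timedelta(days=3)),               # new country
        Login("alice", "dev-1", "IN", t0 + timedelta(days=3, minutes=30)),   # US->IN in 30 min
    ]
    # Six different accounts through one device within minutes (constructed stuffing burst).
    script += [Login(f"user{i}", "dev-9", "IN", t0 + timedelta(days=4, minutes=i)) for i in range(6)]
    out = []
    for login in script:
        decision, reasons = eng.evaluate(login)
        out.append((decision, reasons))
        if decision != "deny":
            eng.confirm(login)   # assume the step-up passed when 'verify'
    return out


if __name__ == "__main__":
    for decision, reasons in demo():
        print(decision, reasons)
```

Note that bob's first login on alice's device is allowed: device sharing on its own is not a signal, which matches the first point in the reply. The engine only trusts a device or country after `confirm()`, so a denied attempt never widens the user's profile.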


That's true, I met the team at Code Blue at a physical conference and saw how they were solving problems. I'm hoping to see the team again at conferences.


That's pretty cool, and I'd love to see more information on it.


This is interesting. Usually EoL devices are not really updated all the time.


Video looks interesting, I'll check it out!

