CVE-2022-3024

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
Configurations

Configuration 1 (hide)

cpe:2.3:a:simple_bitcoin_faucets_project:simple_bitcoin_faucets:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:18

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc - Exploit, Third Party Advisory

Information

Published : 2022-09-26 13:15

Updated : 2024-11-21 07:18


NVD link : CVE-2022-3024

Mitre link : CVE-2022-3024

CVE.ORG link : CVE-2022-3024


JSON object : View

Products Affected

simple_bitcoin_faucets_project

  • simple_bitcoin_faucets
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-863

Incorrect Authorization