CVE-2022-3024

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues.
References
Configurations

Configuration 1

cpe:2.3:a:simple_bitcoin_faucets_project:simple_bitcoin_faucets:*:*:*:*:*:wordpress:*:*

History

28 Sep 2022, 16:21

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.4 |
| First Time | | Simple Bitcoin Faucets Project; Simple Bitcoin Faucets Project simple Bitcoin Faucets |
| References | (MISC) https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc - | (MISC) https://wpscan.com/vulnerability/7f43cb8e-0c1b-4528-8c5c-b81ab42778dc - Exploit, Third Party Advisory |
| CPE | | cpe:2.3:a:simple_bitcoin_faucets_project:simple_bitcoin_faucets:*:*:*:*:*:wordpress:*:* |
| CWE | | CWE-352; CWE-863 |

26 Sep 2022, 13:18

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2022-09-26 13:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-3024

Mitre link : CVE-2022-3024

CVE.ORG link : CVE-2022-3024


Products Affected

simple_bitcoin_faucets_project

  • simple_bitcoin_faucets
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-863

Incorrect Authorization