CVELIST:CVE-2022-3024 (WPScan)
History: Sep 26, 2022 - 12:00 a.m.

CVE-2022-3024 Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS

CWE: CWE-863, CWE-352
Sources: WPScan, www.cve.org
Tags: bitcoin faucets, wordpress plugin, unauthorised ajax call, stored xss, csrf, sanitisation

EPSS: 0.001 (Low), Percentile: 21.4%

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not perform any authorisation or CSRF check in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, this could also lead to Stored Cross-Site Scripting issues.
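The following is an added illustration, not the plugin's own code: the unguarded AJAX-handler pattern the description names, beside a hardened handler that adds the missing capability check, nonce check, input sanitisation and output escaping. The hook name, option name, capability and field names are assumptions chosen for the example.

```php
<?php
// Added example, not code from the Simple Bitcoin Faucets plugin. The action
// name 'sbf_save_bond', the option 'sbf_bonds', the 'manage_options'
// capability and the 'title' field are assumptions for illustration.

// Unguarded pattern (shown for contrast, deliberately NOT hooked): reachable
// by any logged-in user, no nonce, raw input stored and later echoed as-is.
function sbf_save_bond_unguarded() {
    $bonds   = get_option( 'sbf_bonds', array() );
    $bonds[] = array( 'title' => $_POST['title'] ); // unsanitised
    update_option( 'sbf_bonds', $bonds );
    wp_send_json_success();
}

// Hardened handler, registered on the admin-ajax hook for logged-in users.
add_action( 'wp_ajax_sbf_save_bond', 'sbf_save_bond_safe' );
function sbf_save_bond_safe() {
    // 1. Authorisation: a subscriber must not be able to reach this code path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: the request must carry a nonce minted for this exact action;
    //    check_ajax_referer() dies with a 403-style response if it is missing.
    check_ajax_referer( 'sbf_save_bond', '_ajax_nonce' );

    // 3. Sanitise before storing. wp_unslash() undoes WordPress' magic quotes.
    $title = isset( $_POST['title'] )
        ? sanitize_text_field( wp_unslash( $_POST['title'] ) )
        : '';
    if ( '' === $title ) {
        wp_send_json_error( 'title required', 400 );
    }

    $bonds   = get_option( 'sbf_bonds', array() );
    $bonds[] = array( 'title' => $title );
    update_option( 'sbf_bonds', $bonds );
    wp_send_json_success();
}

// 4. Escape on output wherever the stored value is rendered into HTML.
function sbf_render_bonds() {
    foreach ( get_option( 'sbf_bonds', array() ) as $bond ) {
        echo '<li>' . esc_html( $bond['title'] ) . '</li>';
    }
}

// The admin-side script that issues the request must send a matching nonce,
// e.g. wp_localize_script( 'sbf-admin', 'sbfData',
//          array( 'nonce' => wp_create_nonce( 'sbf_save_bond' ) ) );
```

Sanitisation at storage time and escaping at render time are both kept because neither alone covers every sink the value may later reach.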

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Bitcoin Satoshi Tools :  Faucets, Visitor Rewarder, Satoshi Games, Referral Program",
    "versions": [
      {
        "version": "1.7.0",
        "status": "affected",
        "lessThanOrEqual": "1.7.0",
        "versionType": "custom"
      }
    ]
  }
]
