Lucene search
PRIOn knowledge basePRION:CVE-2022-3025HistorySep 26, 2022 - 1:15 p.m.
Cross site scripting
2022-09-2613:15:00
PRIOn knowledge base
www.prio-n.com
4
wordpress
csrf
security
stored xss
0.001 Low
EPSS
Percentile
21.2%
The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not have any CSRF check when saving its settings, allowing attacker to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
| CPE | Name | Operator | Version |
|---|---|---|---|
| bitcoin\\/altcoin_faucet | le | 1.6.0 |
Related
nvd
nvd
CVE-2022-3025
2022-09-26 13:15:10
cnvd
cnvd
WordPress Bitcoin / Altcoin Faucet Cross-Site Request Forgery Vulnerability
2022-09-28 00:00:00
cve
cve
CVE-2022-3025
2022-09-26 13:15:10
wpvulndb
wpvulndb
Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF
2022-08-31 00:00:00
cvelist
cvelist
wpexploit
wpexploit
Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF
2022-08-31 00:00:00
