5 matches found
CVE-2022-3024
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...
WordPress plugin Simple Bitcoin Faucets security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery...
CVE-2022-3024
The CVE-2022-3024 entry concerns the WordPress plugin Simple Bitcoin Faucets (versions ≤ 1.7.0). The vulnerability is due to missing authorization checks and CSRF protection in an AJAX action, enabling any authenticated user (e.g., subscribers) to call the action and add/delete/edit Bonds. It is ...
PT-2022-20029 · WordPress · Simple Bitcoin Faucets
Name of the Vulnerable Software and Affected Versions: The Simple Bitcoin Faucets WordPress plugin versions 1.7.0 and earlier Description: The issue is related to the lack of authorisation and CSRF in an AJAX action, allowing any authenticated users to call it and add/delete/edit Bonds. This coul...
CVE-2022-3024 Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS
The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...