CVE-2022-3024
The CVE-2022-3024 entry concerns the WordPress plugin Simple Bitcoin Faucets (versions ≤ 1.7.0). The vulnerability is due to missing authorization checks and CSRF protection in an AJAX action, enabling any authenticated user (e.g., subscribers) to call the action and add/delete/edit Bonds. It is ...